Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
gidyn
Contributor III
‎01-12-2021 02:28 AM
‎01-12-2021 02:28 AM

Remote Testing

ISC2 are running a trial for remote testing. Securing the question bank under such conditions does not seem possible:

  • A camera could be hidden amongst other objects on a shelf, pointing at the computer screen.
  • Screen recording or sharing software not detected by the proctoring program could be used, this has already been done for OSCP.

In addition to leaking questions, the candidate could be facing a window or door, or electronic picture display, allowing an accomplice who's following the test (as above) to hold up signs giving hints.

 

If you agree that this is a bad thing, please consider signing the petition.

Reply
0 Kudos
1 Reply
rslade
Influencer II
‎01-12-2021 01:16 PM
‎01-12-2021 01:16 PM

> gidyn (Newcomer III) posted a new topic in Exams on 01-12-2021 02:28 AM in the

> ISC2 are running a trial for remote testing.

Oh, this is an absolutely fabulous exercise! Not the remote testing: the
opportunity to do a risk analysis on this hugely threat-filled idea.

I mean, it's not just the security of the test bank items, although that's a whole
field of study in itself.

We'll leave the preparation of the exam, since that is already happening, and so
must have been considered.

The next step is the choice of site. Is it selected from sites provided? Provided
by whom? How do we trust the provider? What restrictions or controls do we
need at the site? Is the site proctored or not? How do we trust and/or choose the
proctors?

Then there is delivery of the exam to the site. Is it delivered digitally, or
physically? Is it delivered as one exam, or as individual questions?

Then the process of sitting the exam at the site. Then the delivery and/or
marking of answers.

This is fun ... 🙂

======================
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
"If you do buy a computer, don't turn it on." - Richards' 2nd Law
"Robert Slade's Guide to Computer Viruses" 0-387-94663-2
"Viruses Revealed" 0-07-213090-3
"Software Forensics" 0-07-142804-6
"Dictionary of Information Security" Syngress 1-59749-115-2
"Cybersecurity Lessons from CoVID-19" CRC Press 978-0-367-68269-9
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs: [Base URL]mnbksccd.htm
PC Security: [Base URL]mnvrrvsc.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
http://en.wikipedia.org/wiki/Robert_Slade
https://is.gd/RotlWB http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Reply
0 Kudos