August 2001 — Features
Print this article | Email this articleClick here to receive your FREE subscription to T.H.E. Journal
New Aspects of Test Security
Most of the survey respondents, 64.3%, either did not know or were incorrect regarding whether test files could be retrieved from a computer when the recycle bin has been emptied.
Until the space on the drive where the file was stored is overwritten with new data, the file can be retrieved from the computer drive. One should run software, such as Norton Utilities, to overwrite the file space.
This situation has serious implications for a teacher who sells a computer or passes the computer on to another. Test files could be retrieved if the data is not written over before disposal. Other sensitive information, such as grades, could also be retrieved. Even formatting a hard drive will not clear data. Formatting only clears out the directory and file allocation tables. The only way to ensure that sensitive data is not still residing somewhere on a hard drive is to overwrite the data (including slack space) using software designed for that purpose before selling or passing a computer on to someone else.
3. Test files are secure at all times on an office computer if it is not connected to a network and if the test files are password-protected. No.
More than half of the survey respondents, 54.8%, either did not know or were incorrect regarding the security of password-protected test files on a stand-alone computer.
The first line of defense should be the physical security in your office. How secure are the following: office locks, ceiling tiles and windows? Who has copies of a master key to your office? How well d'es your department or school control access to the master key? Do you keep backup files on disks? Do you keep them in a disk box, locked or not, that can be easily removed from your office?
Security on your computer is the next consideration. Passwords are amazingly easy to steal. For starters, most passwords are too simple. Users tend to choose familiar names or dates, which could be known by others. However, even more complex passwords may be cracked using one of any number of password-cracking programs available on the Internet. In a recent year, close to 50,000 passwords were collected by a hacker from various colleges and universities around the country (Anonymous 1999).
When you use Microsoft Word or Microsoft Excel, you can place a password on your test files. To place a password on a file, go to the save as command, go to options, and enter a password to open or modify a file.
4. If the Internet is accessed and test files are password-protected, they are secure. No.
Nearly half of the respondents, 47.6%, either did not know or were incorrect regarding whether test files were secure when a connection has been established to the Internet.
Whenever you access the Internet, the files on your hard drive are vulnerable to hackers. Most users access the Internet through a modem using a telephone line. If you access the Internet by way of a modem, then test files on your hard drive are vulnerable only when you have established your connection by dialing up. However, if you turn on your computer, dial up the Internet, minimize the Internet screen, and leave the Internet connection open while you work, files on your hard drive are vulnerable to hackers the entire time the connection is open.
