More Layers, Please

Written by: David Foster, CEO, Caveon Test Security

Recently I saw a television commercial where a man is interviewing children at a short table in what looks like a kindergarten or first grade school room. He asks obvious questions that elicit great reactions from the children (I’m paraphrasing here): “Is it better to have two lasers coming out of both of your eyes or just one laser out of one eye?” Of course the children answer loudly in unison, “Two!” The kids then go on to explain why, in very funny ways (for example, “Two lasers can do a lot more damage than just one!”).

In a similar way, I could ask, generally, “Is it more important to have more layers or fewer layers of something?” Most people would answer, that if you are going to have layers at all, in most cases, more is probably better than fewer. More layers on a cake. More layers of clothing on a cold day. More layers of protection against viruses on your computer. Over the past few years, in work presentations, I sometimes show a Visa credit card print advertisement that I really like. It pictures a fireman with several “layers” of protection, including special coat, helmet, oxygen, axe, fire truck, etc. The ad also makes the point specifically that it is smart for someone fighting fires to have several layers of “protection.” This is prudent because several other layers remain in place if one fails.

In the December 12, 2012, USA Today newspaper there was an article about the Transportation Security Agency (TSA) and concerns over the possible increased use of fake boarding passes to allow some travelers to skip the more rigorous security check. The article rightly, in my opinion, downplayed the concern explaining that TSA has in place multiple layers of security to make sure that (1) boarding passes haven’t been modified and (2) that travellers aren’t able to smuggle dangerous things on board. Again, the concept of layers proves useful; this time in an area of security that affects all of us.

Making the small leap to test security, layering is equally important. From many research reports and casual observations, in testing endeavors from education to the workplace, we experience an unacceptable amount of cheating and other types of test fraud. To deal effectively with our security problems, every detection or preventative method should use more than a single layer. As examples, more than one authentication method should be used to make sure a test taker is the right one; say, combining facial recognition with the use of government-issued identification (which can be easily faked). Visual monitoring of examinees by proctors can be enhanced by recording and storing the test session electronically. The session can be reviewed at a later time by security experts if it is felt the proctor may have missed something. The detection of cheating is strengthened by adding data forensics to the usual proctoring procedures. Finally, restricting unauthorized access to testing information in databases can be enhanced by combining encryption technology with strong user access procedures.

By the sensible layering of security procedures, a testing program will significantly reduce the likelihood of or the amount of damage of a breach. When it comes to test security, I say, “More layers, please.”


Print Friendly