What is the best way to administer exams to students via computer?

What is the best way to administer exams to students via computer?

I work for a university that is considering having students take examinations on computers. One option is to have lecturers create exams as Microsoft Word files that are uploaded to an HTTPS server and then downloaded in public computer labs, where the students take the exams. Completed exams are uploaded to the HTTPS server. The other option is to have lecturers convert exams to PDF files and upload them to the HTTPS site; the PDFs are downloaded and printed out and students do their exams by hand. Completed exams are scanned and uploaded back to the HTTPS site. It seems obvious to me that excluding the labs from the process would reduce risk considerably. What's your view?

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

The first issue that jumps out at me is authentication. It's not clear from your brief description how you plan to make sure that the right student is actually the one submitting the document. In the case of the Word file, there is really no way to enforce that, unless some kind of digital signature system is enforced to "sign" the paper as it's submitted.

The case of the uploaded PDFs provides a bit more integrity in the system because handwriting can be verified. I would suggest taking a step back and finding out what the business need is for the students to submit the tests online. Is this a distance learning environment? Is there an issue with using paper? I guess I'm dating myself, but the processes as described seems to be a solution looking for a problem, which isn't clear from your question.

There are many educational learning systems available today that would allow students to take tests online. Filling out questions, either multiple choice or essay and having the data deposited into a database for grading, etc., would be a better option than the kluge that you described.

In terms of the public computer labs, I'm not sure how you would restrict access. In a university setting, students need to be able to access the systems from anywhere on campus. Are you suggesting that they can only take the tests, or upload the files from a central place? Again, that would seem to defeat the purpose of the automation in the first place.

That's why I'll go back to the first statement I made about authentication. If you have the proper way to verify identity, then where the students access the system or upload files doesn't really matter.

For more information:

  • In this tip, Noah Schiffman discusses the positive and negative aspects of both IP-based and signature-based email authentication.
  • Joel Dubin explains why identity-enabled network devices offer an extra layer of authentication.

    • This was first published in January 2008