Let's think about how you would compromise either file type. Unless there is password protection and an encrypted file, anyone with access to the server where the files are stored (data at rest, not data in motion – since you are using SSL to protect the communications pipe) could edit the file and change the data. That person could even mess with the metadata in either PDF or a Word file, which would leave no trace of the edits.
As mentioned above, the only real difference in the process you described is that the students need to actually hand-write the answers on the PDF, which inherently adds a level of verification to the authenticity of the information. But if the students were to print out the Word file and hand-write it, and then scan it back in, the processes are roughly the same.
Ultimately, I think some measure of encryption and digital signature would be required whenever a file is submitted in order to feel good about the security of the documents and the integrity of the tests.
For more information:
- Security pro Joel Dubin discusses the pros and cons of using PKI systems for laptop encryption.
- Discover the best ways to compare PKI products and vendors for enterprise implementation.
Dig Deeper on PKI and digital certificates
Related Q&A from Mike Rothman
While liaison officer responsibilities vary depending on the company they work for, their strong organizational and communications skills make them ... Continue Reading
The CISSP certification can be a challenge to obtain. Mike Rothman unveils how to get on the right education and career tracks in order to get CISSP ... Continue Reading
In the world of security certifications, what is the GISP and how alike is it to the CISSP? In this security management expert response, learn about ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.