This report summarizes more than a decade of experiences with implementing computer-based testing across a 4-year medical curriculum. Practical considerations are given to the fields incorporated within an item database and their use in the creation and analysis of examinations, security issues in the delivery and integrity of examinations,…

The explosion of Web 2.0 into libraries has left many smaller academic libraries (and other libraries with limited computing resources or support) to work in the cloud using free Web applications. The use of commercial Web hosting is an innovative approach to the problem of inadequate local resources. While the idea of insourcing IT will seem…

Web browsers are plagued with vulnerabilities, providing hackers with easy access to computer systems using browser-based attacks. Efforts that retrofit existing browsers have had limited success since modern browsers are not designed to withstand attack. To enable more secure web browsing, we design and implement new web browsers from the ground…

A universal problem to our society is the dramatic increase in the number of security threats, risks, and vulnerabilities to our nation's computer systems, data, and infrastructure. Our future success depends upon the problem-solving and thinking abilities of professionals entering the Information Assurance and Security (IAS) field. These…

Since the signing of the Higher Education Opportunity Act (HEOA) in August 2008, providers of distance education courses and programs have been looking into procedures and technologies that will satisfy the accrediting agencies responsible for enforcing the law. Continuing education administrators are at the forefront because of the pervasiveness…

Phishing e-mails deceive individuals into giving out personal information which may then be utilized for identity theft. One particular type, the Personal Solicitation E-mail (PSE) mimics personal letters--modern perversions of "ars dictaminis" (the classical art of letter writing). In this article, I determine and discuss 19 appeals common to the…

Information sharing is a core value for information technology (IT) security professionals. It is also a familiar concept for those who work at institutions of higher education because of their long history of collaboration and openness. Information sharing has become part of the national fabric as IT security professionals attempt to secure cyber…

Testing and data integrity on statewide assessments is defined as the establishment of a comprehensive set of policies and procedures for: (1) the proper preparation of students; (2) the management and administration of the test(s) that will lead to accurate and appropriate reporting of assessment results; and (3) maintaining the security of…

Identification and access management has been among the top security issues facing institutions of higher education. Most institutions of higher education require end users to provide usernames and passwords to gain access to personally identifiable information (PII). This leaves universities vulnerable to unauthorized access and unauthorized…

This paper discusses the importance of ethics and social responsibility in information systems (IS) education. The many public scandals of corporate misconduct have increased the need for more emphasis to be placed on ethics and ethical issues in IS education. The authors describe how the inclusion of ethics and social responsibility in the IS…

Low-cost personal computers, wireless access technologies, the Internet, and computer-equipped classrooms allow the design of novel and complementary methodologies for teaching digital information security in electrical engineering curricula. The challenges of the current digital information era require experts who are effectively able to…

The "twisted cyber spy" affair began in 2010, when Google was attacked by Chinese cyber-warriors charged with stealing Google's intellectual property, planting viruses in its computers, and hacking the accounts of Chinese human rights activists. In the ensuing international embroglio, the US mainstream press, corporate leaders, and White…

manaOptimizing risk to information to protect the enterprise as well as to satisfy government and industry mandates is a core function of most information security departments. Risk management is the discipline that is focused on assessing, mitigating, monitoring and optimizing risks to information. Risk assessments and analyses are critical…

As the ranks of educators on Twitter grow, more and more are heard about the importance of their "PLNs" (a term reportedly coined by educational technology guru David Warlick). A PLN, or Personal Learning Network, is a group of like-minded professionals with whom one can exchange ideas, advice, and resources. So why shouldn't students have PLNs of…

Will that data breach be the end of a chief security officer (CSO)? Managing information security in higher education requires more than just technical expertise, especially when the heat is cranked up. This article takes a look at how two CSOs deal with hack attacks at their universities. When Purdue University Chief Information Security Officer…