1 / 17

Privacy and Security Challenges in Online Learning Environments

Explore the privacy and security issues faced by online learning environments, including student authentication, confidentiality, and data integrity. Discover effective solutions for ensuring privacy and security in online courses.

cguerra
Download Presentation

Privacy and Security Challenges in Online Learning Environments

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Columbus State University

  2. Privacy and Security Issues in Online Learning Environmentshttp://csc.colstate.edu/summers/Research/privacy-and-security-issues.ppt

  3. Goals • Confidentiality (privacy) - limiting who can access assets of a computer system. • Integrity (authentication) - limiting who can modify assets of a computer system. • Availability (authorization) - allowing authorized users access to assets. Columbus State University

  4. Problems • Student authentication • How do we get user ids/passwords to students? • How do we authenticate students for the first time? • How do we ensure confidentiality and privacy for our students? • How do we ensure security in an online course? • How do we help students maintain security on their personal computers / networks? Columbus State University

  5. Solutions (authentication) • Face-to-face class – no problem (ask for picture IDs) • Blended class – also no problem (ask for picture IDs) • Online classes • Require a class meeting to distribute user ids / passwords • Require student come to campus to pick up ID/password • E-mail ids / passwords • Use a standard format with required change of password • Add biometric authentication as front-end to CMS • Use a federated ID management system (portal) • Password Policy Columbus State University

  6. Solutions (privacy) • Face-to-face class • Nothing assumed • Blended class (online portion does not ensure privacy) • Online classes (typically NOT encrypted) • “You have zero privacy anyway. Get over it.” (Scott McNealy, CEO, Sun Microsystems, 1999). • “Privacy is the future. Get used to it.” (Marc Rotenberg, Director, Electronic Privacy Information Centre - EPIC) (Fortune, 2001). • Email • Chat rooms • Discussion Groups • File Space • Privacy Policy Columbus State University

  7. Privacy policy • E-mail • All email between students and between student and faculty will be kept confidential • Discussion Groups • All discussions are designed to be public unless specifically indicated as private • Chat Rooms • All chat discussions are designed to be public unless specifically indicated as private • Student File Space • Student Files • Homepages • MyGrades • MyProgress • http://www.ils.unc.edu/daniel/210user/privacy.html • http://csc.colstate.edu/summers/Notes/privacy.html Columbus State University

  8. Internet-specific privacy issues • Personal information collected during registration • Information provided by browsers • IP address • computer name • link followed to reach site • browser type • browser plug-ins • operating system • Information in cookies • SHOULD WE HAVE A PRIVACY POLICY ON CLASS WEBSITES ADDRESSING THIS? Columbus State University

  9. Security in an online course • Problems: • Course Management Systems (e.g. WebCT) do not typically use encryption • Cookies must be enabled • Java must be enabled • Tied to portal log-in Columbus State University

  10. Security in an online course (cont’d) • Solutions: • Limit access to online courses by authorized students only • Make sure the browser on your computer is not set to store your log-in information. • Make sure to click on Logout when finished with your session. Close the browser. Columbus State University

  11. Solutions (security) • Apply “defense in-depth” • Run and maintain an antivirus product • Run and maintain anti-spyware software • Keep your patches up-to-date • Do not run programs of unknown origin • Disable or secure file shares • Deploy a firewall • Policy (Design sound policies) Columbus State University

  12. Critical Microsoft Security Bulletin MS03-039 • Verify firewall configuration. • Stay up to date. Use update services from Microsoft to keep your systems up to date. • Use and keep antivirus software up-to-date. You should not let remote users or laptops connect to your network unless they have up-to-date antivirus software installed. In addition, consider using antivirus software in multiple points of your computer infrastructure, such as on edge Web proxy systems, as well as on email servers and gateways. • You should also protect your network by requiring employees to take the same three steps with home and laptop PCs they use to remotely connect to your enterprise, and by encouraging them to talk with friends and family to do the same with their PCs. (http://www.microsoft.com/protect) Columbus State University

  13. Defending against information sabotage • Analyze your risks. • Plan for disasters. • Write and implement policies. • Install front-end security.  • Install back-end security for additional protection.  • Install physical security. • Protect against viruses. • Install firewalls. • Use encryption. • Use backups. http://www.star-host.com/library/secure.htm Columbus State University

  14. Conclusions • Layered Defense • Culture of Security • Security Policy • Acceptable use statements • Password policy • Privacy policy • Training / Education • Education Columbus State University

  15. “The most potent tool in any security arsenal isn’t a powerful firewall or a sophisticated intrusion detection system. When it comes to security, knowledge is the most effective tool…” Douglas Schweizer – The State of Network Security, Processor.com, August 22, 2003. Columbus State University

  16. Resources • http://www.sans.org • http://www.cert.org • http://www.cerias.purdue.edu/ • http://www.linuxsecurity.com/ • http://www.linux-sec.net/ • http://www.microsoft.com/security/ • Cuckoo’s Egg – Clifford Stoll • Takedown – Tsutomu Shimomura • The Art of Deception – Kevin Mitnick Columbus State University

  17. Bibliography • Privacy Policy Statements for WebCT - http://www.webct.com/ask_drc/forum/message?discussion=30469&topic=35986&message=35986&style=e • Privacy and online learning by Roger Gabb of Centre for Educational Development and Support, Victoria University http://ceds.vu.edu.au/conferences/elearning/slideshow/rgabbSlides.txt • http://www.webct.com/ • http://www.ecollege.com Columbus State University

More Related