BreachExchange mailing list archives
State finds security breach during STAR testing at Canyon Crest Academy
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Tue, 20 Aug 2013 02:32:01 -0400
http://www.delmartimes.net/2013/08/19/55533/ According to a news release posted by the California Department of Education Aug. 9, heightened monitoring of the state’s Standardized Testing and Reporting (STAR) assessments, taken by public school students in grades 2-11 last spring, identified 242 schools where social media postings occurred during administration of the tests, 16 of which included postings of test questions or answers. Last year, the CDE detected 216 schools, 12 of which had postings that included legible test questions or answers. Canyon Crest Academy, in the San Dieguito Union High School District, was one of the 226 this year that was tagged as a school where a student posted an image or video on a social media site that did not include legible test items. Nonetheless, the CDE posted the school’s STAR report this year with this statement: “A security breach involving social media exposure of 2013 STAR test material has been confirmed at this school site. Caution should be used when interpreting these results.” Mike Grove, SDUHSD’s associate superintendent of educational services, said one student during the mathematics portion of the STAR tests used a cell phone to take a six-second video inside the classroom and posted it on the social media site VINE. The video did not show the test questions or answer sheets, just the students in the class with the proctor present. But with stringent attention being paid to security issues, the state flags any postings taken during the STAR testing period that show classrooms, STAR booklets (even if closed) or other STAR-related photos or video. “This is a growing issue across the state, so the CDE is monitoring very closely any potential security breach,” Grove said. “Just the mere use of a cell phone can trigger attention.” He said scores for that one student were invalidated for that single STAR math test, and the school’s score will not be affected. In 2012 the district had two incidents, Grove said, both at San Dieguito Academy in Encinitas. One student posted a photo of a closed and finished STAR booklet, and a second student posted a photo of a friend sitting nearby after testing was concluded. Grove said a search of STAR during the testing period will produce hundreds of hits, and the state investigates all of them. The security breaches have to happen during a testing period. The incidents are rarely malicious with intent to cheat or distribute secure information, he said, although some are. In addition to Canyon Crest Academy this year, four schools in the San Diego Unified School District were also flagged with security breaches, but none of those involved the display of test items. According to the CDE, the majority of postings involved students posing with the covers of test booklets or with materials that were not legible. “These postings look to be attempts by students to gain attention among their friends, not an effort to gain an advantage on a test,” said CDE deputy superintendent Deb Sigman, who oversees assessments and accountability issues. According to the CDE news release, “If a security breach affects less than 5 percent of the number of students tested, the school is ineligible for academic awards. If the breach affects more than 5 percent of the number of students tested, the school’s API – the state’s measure of accountability – could be invalidated.” [..] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- State finds security breach during STAR testing at Canyon Crest Academy Jake Kouns (Aug 20)