Looking at how students deal with security questions

Taking care not to give too much away (as some of our students are still taking this assignment). I have been fascinated by the ‘crowd behaviour’ relating to the similarity of each answer, relating to a specific security question presented in the assignment.

To maintain the intellectual integrity of the assessment, I cannot tell you what the question or the answer is. But what I will say is that the control methodology being used by each student in the context of the question is almost identical.

Ah, so they are cheating ... you declare.

Sadly not, this is a distance learning course, the face to face experience is not for another two-three weeks yet, therefore the students are distributed nationally (in fact internationally in a select few cases).

Ok, so they have seen the question before ...

No, its a unique question, detached from the Cisco Academy norm, students can search the internet to their ultimate contentment, but they will find nothing that will support the idea of the question. Furthermore this is the first time the question has been released into the wild.

So, what is the excitement, you may ask. Whilst I need to look into this and remove any confounding factors. My immediate thoughts from a security focussed perspective is.

  1. They are using Cisco recommended security policies, therefore the devices defence is known to the offender
  2. The conformist thought patterns being demonstrated by the students would preclude that anyone understanding this could devise a non-conformist approach to undermine the defence in place.

Whilst I am exploring this, I have one last and ultimate thought, is that it may be a badly designed question, something I could live with.

Andrew Smith
Follow me on Twitter: @teraknor


Comments

Popular posts from this blog

If airlines offer in-flight Wi-Fi, they should invest in an extra black box for security ...

Wikipedia editors never walk alone: Hillsborough changes can be traced ... from @ConversationUK

Highlights and lowlights of 2014, a golden year for cybercrime from @ConversationUK