Information Security Trends and Issues in the Moodle E-Learning Platform: An Ethnographic Content Analysis

Empirical research on information security trends and practices in e-learning is scarce. Many articles that have been published apply basic information security concepts to e-learning and list potential threats or propose frameworks for classifying threats. The purpose of this research is to identify, categorize and understand trends and issues in information security in e-learning as reflected in the discussions on a ‘Security and Privacy’ discussion forum of the Moodle learning management system. Four primary themes were identified, as two-thirds of the security related threads on the discussion board addressed the following topics: authentication, permissions, attacks and Moodle configuration. This study should be of interest to educators in information systems management on several levels. First of all, as users and in some cases ad-hoc administrators of learning management systems, the themes and trends identified should increase awareness of security issues inherent in the platform. Secondly, this article serves as a descriptive case study on how security issues are described, discussed and dealt with by developers, users and administrators within the open source software development paradigm

Security of information in university eLearning systems

The increase in popularity of university eLearning platforms, supporting traditional methods of education, as well as new communication tools development, make the security issues of information stored in these systems becoming increasingly important. The general discussion on security issues in e-learning was inaugurated by M. K. Littman [1] already in 1996. This document has been prepared to identify data security threats existing in a very specific group of computer systems - university eLearning platforms. As a result of the security incidents database analysis and user behavior described in the literature, thirteen security areas have been defined. Activities undertaken in particular areas, described during the data analysis, have a significant impact on at least one of three basic elements of information security

Security Specialists are from Mars; Healthcare Practitioners are from Venus: The Case for a Community-of-Practice Approach to Security Architectures for Healthcare

Information security is a necessary requirement of information sharing in the healthcare environment. Research shows that the application of security in this setting is sometimes subject to work-arounds where healthcare practitioners feel forced to incorporate practices that they have not had an input into and with which they have not engaged with. This can result in a sense of security practitioners and healthcare practitioners being culturally very different in their approach to information systems. As a result such practices do not constitute part of their community of practice nor their identity. In order to respond to this, systems designers typically deploy user-centred, participatory approaches to design using various forms of consultation and engagement in order to ensure that the needs of users are responded to within the design. Learning from international implementations of e-health, the development of the Australian electronic health records (EHR) system has been a participatory process. However, the more participatory approach has not been used as part of the technical security design of the e-health system and the functionality of the security governance architecture was not included in the process of consultation. Such exclusions result in a design-reality gap in so far as the healthcare systems as envisioned by designers are not easily related to by “front-line” clinical staff. Despite repeated design-reality issues in healthcare systems design, there is no fundamental change in the development paradigm to address the socio-technical security aspects of such systems. Indeed, the security perspective of system designers seems to originate from a very different perspective to that of front-line clinical staff. This discussion paper characterises the problem, uses examples from both the UK and Australian EHR experience, and proposes an alternative start-point to healthcare systems design

Security Specialists are from Mars; Healthcare Practitioners are from Venus: The Case for a Community-of-Practice Approach to Security Architectures for Healthcare

Information security is a necessary requirement of information sharing in the healthcare environment. Research shows that the application of security in this setting is sometimes subject to work-arounds where healthcare practitioners feel forced to incorporate practices that they have not had an input into and with which they have not engaged with. This can result in a sense of security practitioners and healthcare practitioners being culturally very different in their approach to information systems. As a result such practices do not constitute part of their community of practice nor their identity. In order to respond to this, systems designers typically deploy user-centred, participatory approaches to design using various forms of consultation and engagement in order to ensure that the needs of users are responded to within the design. Learning from international implementations of e-health, the development of the Australian electronic health records (EHR) system has been a participatory process. However, the more participatory approach has not been used as part of the technical security design of the e-health system and the functionality of the security governance architecture was not included in the process of consultation. Such exclusions result in a design-reality gap in so far as the healthcare systems as envisioned by designers are not easily related to by “front-line” clinical staff. Despite repeated design-reality issues in healthcare systems design, there is no fundamental change in the development paradigm to address the socio-technical security aspects of such systems. Indeed, the security perspective of system designers seems to originate from a very different perspective to that of front-line clinical staff. This discussion paper characterises the problem, uses examples from both the UK and Australian EHR experience, and proposes an alternative start-point to healthcare systems design

National Security Pedagogy: The Role of Simulations

This article challenges the dominant pedagogical assumptions in the legal academy. It begins by briefly considering the state of the field of national security, noting the rapid expansion in employment and the breadth of related positions that have been created post-9/11. It considers, in the process, how the legal academy has, as an institutional matter, responded to the demand. Part III examines traditional legal pedagogy, grounding the discussion in studies initiated by the American Bar Association, the Carnegie Foundation, and others. It suggests that using the law-writ-large as a starting point for those interested in national security law is a mistake. Instead, it makes more sense to work backwards from the skills most essential in this area of the law. The article then proposes six pedagogical goals that serve to distinguish national security law: (1) understanding the law as applied, (2) dealing with factual chaos and uncertainty, (3) obtaining critical distance—including, inter alia, when not to give legal advice, (4) developing nontraditional written and oral communication skills, (5) exhibiting leadership, integrity, and good judgment in a high-stakes, highly-charged environment, and (6) creating continued opportunities for self-learning. Equally important to the exercise of each of these skills is the ability to integrate them in the course of performance. These goals, and the subsidiary points they cover, are neither conclusive nor exclusive. Many of them incorporate skills that all lawyers should have—such as the ability to handle pressure, knowing how to modulate the mode and content of communications depending upon the circumstances, and managing ego, personality, and subordination. To the extent that they are overlooked by mainstream legal education, however, and present in a unique manner in national security law, they underscore the importance of more careful consideration of the skills required in this particular field. Having proposed a pedagogical approach, the article turns in Part IV to the question of how effective traditional law school teaching is in helping to students reach these goals. Doctrinal and experiential courses both prove important. The problem is that in national security law, the way in which these have become manifest often falls short of accomplishing the six pedagogical aims. Gaps left in doctrinal course are not adequately covered by devices typically adopted in the experiential realm, even as clinics, externships, and moot court competitions are in many ways ill-suited to national security. The article thus proposes in Part V a new model for national security legal education, based on innovations currently underway at Georgetown Law. NSL Sim 2.0 adapts a doctrinal course to the special needs of national security. Course design is preceded by careful regulatory, statutory, and Constitutional analysis, paired with policy considerations. The course takes advantage of new and emerging technologies to immerse students in a multi-day, real-world exercise, which forces students to deal with an information-rich environment, rapidly changing facts, and abbreviated timelines. It points to a new model of legal education that advances students in the pedagogical goals identified above, while complementing, rather than supplanting, the critical intellectual discourse that underlies the value of higher legal education

Risks and remedies in e-learning system

One of the most effective applications of Information and Communication Technology (ICT) is the emergence of E-Learning. Considering the importance and need of E-Learning, recent years have seen a drastic change of learning methodologies in Higher Education. Undoubtedly, the three main entities of E-Learning system can be considered as Student, Teacher & Controlling Authority and there will be different level, but a good E-Learning system needs total integrity among all entities in every level. Apart from integrity enforcement, security enforcement in the whole system is the other crucial way to organize the it. As internet is the backbone of the entire system which is inherently insecure, during transaction of message in E-Learning system, hackers attack by utilising different loopholes of technology. So different security measures are required to be imposed on the system. In this paper, emphasis is given on different risks called e-risks and their remedies called e-remedies to build trust in the minds of all participants of E-Learning system

A tutorial task and tertiary courseware model for collaborative learning communities

RAED provides a computerised infrastructure to support the development and administration of Vicarious Learning in collaborative learning communities spread across multiple universities and workplaces. The system is based on the OASIS middleware for Role-based Access Control. This paper describes the origins of the model and the approach to implementation and outlines some of its benefits to collaborative teachers and learners

Emergency Management Training for Transportation Agencies

State transportation agencies have a variety of responsibilities related to emergency management. Field personnel manage events--from day-to-day emergencies to disasters--using the Incident Command System (ICS) as their organizational basis. At the headquarters level, the Emergency Operations Center (EOC) coordinates the use of resources across the department and its districts, with other state departments and agencies, and through the federal Emergency Support Function 1. District-level EOCs coordinate with the department. In extreme events, the transportation department may only be able to deliver limited essential services in austere conditions, so a continuity of operations/ continuity of government plan (COOP/COG) is essential. This research applied the principles of andragogy to deliver ICS field level training, EOC training and COOP/COG training to state transportation agency’s staff in all districts and at headquarters. The data supports the need for adult-oriented methods in emergency management training