NOTE! This site uses cookies and similar technologies.

If you not change browser settings, you agree to it.

I understand

PragoData Consulting, s.r.o.

Security of internet technologies is relatively wide issue. If we think about the security of education system, we can identify at least two areas that are important to deal with security.

In first case there is an area of ensuring security from the side of end-user, where is worth to keep general principles of cyber security (e.g. the rules for creating passwords, regularly updates of antivirus software, never open the attachment of emails from untrusted senders, etc.). There is especially important to establish internal instructions and guidelines in the field of safe use of IT and carry out the continuous education and training of its employees in the area of cyber security.
The second field where is important to think about the security of e-learning is the security of system. We have this problem more in our hands and it is worth to think about it already within the choosing the design of the educational system.
As a supplier of national and international e-learning solutions for the corporate, public and academic sector, we create the solutions for security requirements of our education systems.
We meet some requirements for security of education that are very common across our customers. According to these requirements and our long experiences we are able to target 4 key fields that are important for integrity of our e-learning solutions.

  1. Registration and authentication of user´s accounts

System must support as the direct registration of user´s accounts and authentication of user against the local database of users as the loading/creating of user´s structurers and the basic (global) roles from the directory servers like LDAP and ensure the authentication of user via LDAP protocol.
The result of authentication is given by answer of LDAP server. If the result is positive, user is logged into the system (system eventually creates the new user account). If the result is negative, user is not allowed to log into the system (system eventually could suspends/blocks the user account).
The recent trend push more pressure on the multi-factorial authentication that ensure the restriction of abuse of user account in case of compromise of user name and password.

2. Advanced management authority

System must support the advanced management authority (user roles). Each user has given the role which allowed him to have the access just to those functionalities of system, data and information for which users/roles have permission. The major advantage of the system is also the fact that system is able to create the new roles (respectively the system allowed to customize the default created roles) so client can define and modify the user roles and its authority according to his needs.
It may include the permission to send messages and notifications, student assessment, system administrations, creating new courses or access to audit records and logs.

3. Restriction of course registration based on criteria

Another key functionality of the system for management of education is to restrict the access to course and study materials according to selected criteria. For example, according to the defined target groups, premises and continuity, time restriction or other conditions.
The course and its study materials can be accessible only for users that belong to its target group or only for users that meet requirements that are given for the study course. Otherwise users do not have the access to this course or users cannot see it.

4. Event registration

The evidence (logging) of events and managing the audit of log is the last requirement for security of system. The system must record the events that takes place within its framework. The ideal is not to restrict logging to only system events, but to extend logging ideal for any activity that takes place in the system. The important feature of the system is that neither the administrator can modify the audit log.
For example if someone activate the automatic actualization of system, or if someone edit the educational materials or manually change the student´s final grade from the test, within these activities must be findable which user, under which specific role, from which IP address and when someone made these changes.

These four key fields that are mentioned above represent basic security requirements for top e-learning system. It is visible that these fields are quite wide and we can continue to work with them.
If you also think about implementation of e-learning within your company, we believe that this article could help you to make up the basic overview about security aspects of e-learning systems.

 secure elearning