E-Training Security
Secure e-training courses against piracy: Etraining security
What is etraining security?
If you consider etraining as a subject, then you will realize that there is more than one dimension to the security requirements that have to be met.
At the most obvious level etraining course providers need to ensure that only the people who have paid for the course can actually use the materials and gain the benefits. That means preventing people who have access to the course materials from being able to pass the on to others (piracy). But there is normally more to etraining than just stopping people passing training materials to their friends and co-workers.
Quite often etraining materials contain self-assessment programs, or contain example answers, or contain assessment methods that report to a supervisor and allow the issue of a certificate to those who have demonstrated adequate competence.
So those additional functions create extra security requirements, in two quite different ways.
The first is obviously the method underlying how students are assessed, which would include the definition of ‘correct’ answers. That information has to be protected in order to maintain the integrity of the training system and to ensure that the results, particularly if you issue a certificate directly, are not open to ready abuse.
Typically, an assessment method is prepared using flash as the medium. This is because it is interactive, and because it is able to respond to the data that is entered. Otherwise one needs a program to be coded, and that is significantly more difficult than programming in flash.
But the flash must be protected in order to prevent people from (as you can, these days, providing you have an email account, awarding yourself a degree in any subject you always wish you had studied) awarding themselves any certification they feel like, and any competence level they desire.
Now an uncontrolled kind of situation would be rather wild, and could devalue many training courses that are not protected, and could undermine confidence in the whole etraining service.
The second is, of course, to protect the creation of the certificate itself, or the underlying information used by the training course provider to validate the content of the certificate.
It used to be commonplace for organizations to issue certificates that stated that specific individuals had taken part in a training course (meaning that they had showed up and stayed until the end of the course), but industry soon realized that kind of analysis was unhelpful and looked for something better – with metrics in it.
Today there has to be a level of pass or fail in etraining courses. And that is why they need security. Because if they do not have etraining security protecting their intellectual property (the right answers, the correct result, the issue of a valid certificate expressing the correct degree of competence) then they are not going to be in business for long.