Fighting Fire: The ITCC Incident Matrix

When viewing the entire IT certification landscape, the multitude of problems posed by cheating on certification exams probably often seems like a plume of smoke from a far-off wildfire. There’s visible evidence of danger and destruction, but unless the flames are literally beneath your nose, then it’s easy to discount the damage done and tuck the incident into a file marked “Pending Action: Must Address Someday.”

Perhaps the issue can be contained without needing to be stamped out. Maybe it will eventually subside and disappear altogether. Don’t wildfires sometimes burn out and dwindle away without any direct intervention from human responders?

Cheating on exams, of course, may represent the destructive flames of our metaphorical wildfire. There are a host of contributing factors, however, which could be seen as acting in the same manner as wind, or deadfalls and dry brush: causing the initial burn to spread and rage out of control. If these exacerbating agents could be better managed, then the fires, when they break out, might be easier to confront.

Actual firefighters don’t typically have the means or information needed to mitigate the ruinous impact of wildfires before they strike. Those who manage and administer IT certification programs, on the other hand, need not be taken by surprise when a cheating crisis emerges. With the right blend of precautions and active monitoring, certification programs can be fortified and protected against the devastating effects of cheating.

Ready and Waiting

Sometimes knowing where to start is among the biggest hurdles to overcome when tackling a complex and ongoing problem. The IT Certification Council, with a big assist from the certification team at Citrix, has designed an outline for certification programs to follow when assessing threats and implementing precautions. The ITCC Incident Matrix can be your test and testing protection blueprint, guiding you in securing both exam materials and the exam process itself.

One early indication of brewing trouble, for example, is exam candidates using forums, chat rooms, list mail, or other means to ask about the availability of content from past or current certification exams. The inquiry may sound harmless: “I’m preparing to take the XYZ exam and I’m wondering what to expect. Does anyone have any questions from past exams that I could look at?” The initial intent may even be harmless. Sinister ends don’t always arise from sinister intentions.

The ITCC Incident Matrix can help you determine the appropriate level of response to the various activities that either directly indicate, or could lead to, actions that compromise exam security. It can also help you know where to direct your monitoring. A candidate who retakes a certification exam after passing could merely be a perfectionist driven to pursue a better score. Seeking repeated exposure to exam content, on the other hand, could certainly be spurred by ulterior motives.

Cybersecurity experts are bound to be familiar with the “defense in depth” approach to information security, which uses multiple layers of security controls to protect an IT system. An attacker may penetrate one layer of protection, but get tangled in the next, or the one after that. The ITCC Incident Matrix can similarly help certification programs deploy multiple protections against cheating.

Cheating on certification exams may seem like a distant or insignificant problem. Just as wildfires can suddenly and dramatically increase in size and destructive intensity, however, the harmful consequences of cheating can quickly spiral out of control. The ITCC Incident Matrix can help you immediately embark on a course of proactive and preventive action.

ITCC Projects are for the use of ITCC  Members. To download, visit Basecamp or request a copy from ITCC HQ.

Article by: Cody Clark, Managing Editor, Certification Magazine

Leave a Reply

Your email address will not be published. Required fields are marked *