| Data Provider → Application Provider | End-point input validation | Application-dependent. Spoofing is possible. |
| | Real-time security monitoring | Vendor-specific monitoring of tests, test-takers, administrators, and data. |
| | Data discovery and classification | Unknown |
| | Secure data aggregation | Typical: Classroom-level. |
| Application Provider → Data Consumer | Privacy-preserving data analytics | Various: For example, teacher-level analytics across all same-grade classrooms. |
| | Compliance with regulations | Parent, student, and taxpayer disclosure and privacy rules apply. |
| | Government access to data and freedom of expression concerns | Yes. May be required for grants, funding, performance metrics for teachers, administrators, and districts. |
| Data Provider ↔ Framework Provider | Data-centric security such as identity/policy-based encryption | Support both individual access (student) and partitioned aggregate. |
| | Policy management for access control | Vendor (e.g., Pearson) controls, state-level policies, federal-level policies; probably 20-50 different roles are spelled out at present |
| | Computing on the encrypted data: searching/filtering/deduplicate/fully homomorphic encryption | Proposed 36 |
| | Audits | Support both internal and third-party audits by unions, state agencies, responses to subpoenas. |
| Framework Provider | Securing data storage and transaction logs | Large enterprise security, transaction level controls—classroom to the federal government. |
| | Key management | CSOs from the classroom level to the national level. |
| | Security best practices for non-relational data stores | --- |
| | Security against DDoS attacks | Standard. |
| | Data provenance | Traceability to measurement event requires capturing tests at a point in time, which may itself require a Big Data platform |
| Fabric | Analytics for security intelligence | Various commercial security applications |
| | Event detection | Various commercial security applications |
| | Forensics | Various commercial security applications |