-
The Defense Department announced today the 4th edition of its Web-based e-learning standard, used by government, commercial and international agencies, allowing organizations to easily exchange online learning, training and educational content. Known as the Advanced Distributed Learning (ADL) Sharable Content Object Reference Model (SCORM) 2004, this e-learning standard ensures the learning experience and performance data tracking is consistent in the distribution of training courses via the Internet, and allows for online collaboration between users.
-
The SCORM community is abuzz these days with talk about the security (or lack thereof) in SCORM. As an “alpha-scormmie”, I’d like to share some of my perspectives on the issue and try to put things in context.
The crux of the issue is that since SCORM communication uses JavaScript in a web browser it is inherently insecure and can be spoofed by any semi-competent web developer who knows a little bit about SCORM. This means that somebody who knows what they are doing can trick an LMS into thinking that a course was completed using some rather simple scripting.
-
My earlier post, The Importance of Security and Integrity of Performance Data addressed a specific emerging SCORM security issue. It also raised the issue of “Defense in Depth” as an approach for improving security. Here are some defense in depth approaches you can use right now to increase security and decrease vulnerability.