
	Home > Ask the Security Experts > Security Management Questions & Answers > Should computer exams be transmitted as PDF files or Word files?

Ask The Security Expert: Questions & Answers

EMAIL THIS

Should computer exams be transmitted as PDF files or Word files?

EXPERT RESPONSE FROM: Mike Rothman

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 14 January 2008
If a university is planning on administering exams to students via computer, would be less risky to transmit PDFs rather than Word files?

EXPERT RESPONSE
There is no easy answer to this question because the inherent security of any system is based on more than just the file's form factor. To generalize, there is more security built into Acrobat than Word. Documents can be digitally signed more readily in Acrobat, but that doesn't mean the system will be more secure.

Let's think about how you would compromise either file type. Unless there is password protection and an encrypted file, anyone with access to the server where the files are stored (data at rest, not data in motion – since you are using SSL to protect the communications pipe) could edit the file and change the data. That person could even mess with the metadata in either PDF or a Word file, which would leave no trace of the edits.

As mentioned above, the only real difference in the process you described is that the students need to actually hand-write the answers on the PDF, which inherently adds a level of verification to the authenticity of the information. But if the students were to print out the Word file and hand-write it, and then scan it back in, the processes are roughly the same.

Ultimately, I think some measure of encryption and digital signature would be required whenever a file is submitted in order to feel good about the security of the documents and the integrity of the tests.

For more information:

Security pro Joel Dubin discusses the pros and cons of using PKI systems for laptop encryption.

Discover the best ways to compare PKI products and vendors for enterprise implementation.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Security Management
	What's your advice for getting other business units to contribute to crafting an effective information security policy?
	How can organizations secure implanted microchips and RFID tags?
	Any recommendations for recruiting information security pros?
	I am concerned that a former employee will utilize corporate information in a malicious way.
	Is it necessary to grant a full administrative privileges to a security administrator?
	Recently I found my computer's serial number had been reported stolen. Will I face legal repercussions?
	What are the possible benefits of microchip implants and RFID tags for employees?
	Is it against HIPAA regulations to permanently store sensitive information?
	Two-tier distributed systems vs. three-tier distributed systems
	How to prevent software piracy

PKI and Digital Certificates

What is the best way to administer exams to students via computer?

Should PKI systems be used for laptop encryption?

Email authentication showdown: IP-based vs. signature-based

VeriSign to shed businesses, return to security roots

How do anonymous credentials and selective disclosure certificates affect enterprise IAM?

Choosing from the top PKI products and vendors

Can the symmetric encryption algorithm for S/MIME messages be changed?

Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures

Creating a personal digital certificate

What are the alternatives to RC4 and symmetric cryptography systems?

PKI and Digital Certificates Research

Disk Encryption and File Encryption

Sophos to acquire mobile data protection company Utimaco

How can 'DRAM remanence' compromise encryption keys?

Growing Mac use prompts call for better security

Websense, Reconnex top Forrester ranking of DLP vendors

Embedded Security Safeguards Laptops

Should whole disk encryption products be used with data backup software?

Does FTPS encrypt data packets at the hardware or software level?

Should disks be encrypted at the hardware level?

Is Triple DES a more secure encryption scheme than DUKPT?

Windows BitLocker: Enabling disk encryption for data protection

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

authentication server (SearchSecurity.com)

Certificate Revocation List (SearchSecurity.com)

Digital Signature Standard (SearchSecurity.com)

HDCP (SearchSecurity.com)

MD2 (SearchSecurity.com)

MD4 (SearchSecurity.com)

MD5 (SearchSecurity.com)

nonrepudiation (SearchSecurity.com)

PKI (SearchSecurity.com)

public key (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business
Targeted Security Channel Tips for Resellers, Integrators and Consultants

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Advanced Search | Site Index

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2003 - 2008, TechTarget \| Read our Privacy Policy