The World's Only Test Security Blog

Pull up a chair among Caveon's experts in psychometrics, psychology, data science, test security, law, education, and oh-so-many other fields and join in the conversation about all things test security.

How to Determine Your Risks to Enhance Your Test Security

Posted by Caveon

updated over a week ago

Protecting Valid Test Scores Takes Effort

We all engage in everyday preventative activities to protect what's most important to us: we lock our homes, hold our child's hand across the street, and password-protect our important accounts.

For those of us who work in testing, protection involves some slightly less automated actions. For example, we fortify our tests with a large number of items with AIG, we guard our exams against item theft with innovative exams, we prevent cheating through a variety of ever-adapting methods, and (most importantly) we uphold the shield of fairness to gain a true measure of a person’s ability.

Because our exams represent high-stakes decisions (like whether a high school senior gets the score necessary for their dream college or a nursing student becomes a practitioner) we must protect the validity of the scores our tests produce.

Unfortunately, test security is not one of those unconscious behaviors we engage in every day. We have to think about how to best protect our items and tests, then take deliberate actions (sometimes even extraordinary measures) to provide appropriate protection. It isn’t an easy job, but it is a vital one.

How to Enhance Your Test Security

Many testing professionals find the prospect of protecting their exams daunting. Where do you begin? What are the priorities? How do you go about knowing what to protect? Start by asking yourself these three essential questions. Next, conduct a risk assessment (steps below) and figure out what the greatest threats are to your specific program.

1. Determine What Test Security Threats Exist

Testing programs today are bombarded by what seems to be an overwhelming list of threats (view all the threats that can impact your program in this document that identifies all possible test security threats.) We know that a compromised test can lead to the loss of carefully-crafted test items, liability resulting from unqualified individuals performing a job, damage to a testing program’s reputation, and the loss of trust in an individual’s exam scores. Because of this, it's important to understand what threats exist and how they can impact your specific program. 

2. Find Out What Threats Pose The Greatest Risk to Your Program

In trying to mitigate the consequences of test security threats, it is easy to get inundated by just how many ways someone can cheat or steal questions. Fortunately, for every program, there are certain threats that are more dangerous than others; there are threats that hold the greatest risk because they will do the most damage. While one program might be plagued by thoughts of unauthorized access to the item banking system, another might be concerned with the unsanctioned distribution of items over the Internet. Every testing program is unique, and as such, the threats to every program are unique. The key to effective test security is figuring out which threats pose the greatest risks to your specific program, and focusing your resources there. 

Let’s use an example from the non-testing world to clarify. There are numerous ways to protect a building from burglars: locks on windows and doors, video cameras, guard dogs, iron gates, security alarms, etc. However, not every building needs to employ the same security measures to effectively protect it. While it makes sense for a bank to employ armed guards and devices to detect someone tunneling into their vault, it doesn’t make much sense to have those same measures to protect your apartmentlocks, alarms, and maybe a dog will suffice. The same is true for test security measures; there is no one-size-fits-all solution. To be effective, security policies need to be tailored to address the threats that are the highest risk for each specific program.

Fortunately, figuring out the greatest risks to your program is straightforward. The Caveon Risk Assessment Tool is quick and free, and it will help you quantify your test security threats and prioritize which actions should be taken. Every testing program, whether new to test security or long-standing, should regularly conduct a risk assessment using this tool to confirm they are allocating their test security resources in the most effective ways possible.

How the Risk Assessment Tool Works

If you open the Caveon Risk Assessment Tool, you will notice that it divides the threats every testing program faces into two categories: cheating and theft. Think of cheating as the things that an individual might do to increase or better their test score. Think of theft as the stealing of items so that other people can increase their test scores. These two categories have multiple examples of activities that describe how threats to test security occur.

To complete your risk assessment, rank each example of cheating or theft; provide a score for the likelihood (How likely is this event to occur?) and the damage (If the event were to occur, how much would it damage your program?). Our comprehensive algorithm will calculate the likelihood times the damage to give each threat a combined score.

When you’re finished, you will have a prioritized list of test security threats. This will help you confirm or rebuke your uncertainties regarding the security of your program and give you a path to tackle your most salient test security concerns.

Other Ways to Utilize Caveon's Risk Assessment Tool

Make It a Group Activity

The risk assessment tool can also be used as a collaborative effort within your organization to provide you with valuable insights. You can compare your results to find answers to questions like “Does everyone on the team view the same test security threats as most important?” “Are there differences?” “And, if so, why?”

Create A Comprehensive Plan

The results of this analysis provide you with a personalized roadmap to protect your tests, which then allows you to choose the various test security elements that will be most effective in mitigating the biggest threats to your program. Once you’ve put a comprehensive action plan in place to address these threats, you can come back within a year’s time, complete the risk assessment again, and see if those test security priorities have changed.


Remember that one size doesn’t fit all. One program’s test security roadmap is not going to be the same as the next program’s. Each testing program needs to consider its budget, solution effectiveness, and resource requirements. Each program needs to set realistic expectations and tackle the most salient problems first.

Test security may never become an unconscious behavior like turning off the stove. However, we can take steps to understand the most prominent threats and streamline the process of mitigating risk, and provide the best form of protection for our most valuable assetsour exams.

About Caveon

For more than 18 years, Caveon Test Security has driven the discussion and practice of exam security in the testing industry. Today, as the recognized leader in the field, we have expanded our offerings to encompass innovative solutions and technologies that provide comprehensive protection: Solutions designed to detect, deter, and even prevent test fraud.

Topics from this blog: Test Security Consulting Test Security Basics Prevention Measures Test Security Plan