Re: Plethora of gradebooks, grade change audit.

[Matt Wimer <matt@cgibuilder.com>]

Bill,

I think i understand your position, but this kind of security is
difficult because there are no paper copies.  because
administrators own the machine(s) that will be used
to store the grades, nothing keeps a very adept DBA from
changing logs and database entries.

there are a number of ways i am thinking this can be fixed.

One way is to have the system create grade listings at the
end of each term for each teacher.  The teacher then has to supply
a pgp/gpg key to sign the listing.

These listings then have to be saved by the system.  and
if they aren't then it would be easy to show all the
"irregularities" are the turly the admistrators'.

A not nearly so complex system a but probaly as efective is just have
a simple transaction log created for every modification.  This
will probably be enough to show no wrong doing on the part of
the teacher.  This system(which is already planned) offer
quite a bit of security-via-obscurity.  about the only people
that could make mods that wouldn't be detectable would be
the authors.(myself and a few others that hack on the system.)

But again, signed logs seems to be about the only truely
secure way to prove that grades weren't changed.

code for sending out a memo probably would hassles teachers
and administrators more than what it would make up in true
security.

--matt wimer


On Sun, Dec 27, 1998 at 08:50:33PM -0800, Bill Ries-Knight wrote:
> Matt,
> All other items are straight forward, and we appreciate the response.  However, there
> is a good reason for the security on grade changes.
> 
> My wife is adamant that She (teacher) be the only one to set/change grades.  SOME
> administrators are hesitant to give FAILING grades, other individuals with the
> authority may have other reasons to change grades.  As the teacher, it is her
> responsibility to prove those grades, and be able to explain it for a full 10 years.
> Her concern was being able to prove an electronic grade was changed WITHOUT her
> knowledge or consent.
> 
> Lawyers love to see teachers as a scapegoat for administative irregularities.  They
> don't have good legal backup usually.
> 
> BILL
> 
> > 3.  ALL transactions should include a full audit trail and require memo notation
> > for ANY changes.
> 
> Transaction dates i agree should be stored in the gradebook database,
> but only certain modifications to the database should require "memo
> notification."  Maybe, if someone tries to delete all the students out
> of the database, then yes, that should require some sort of check.
> --
> Today is the beginning of all time.
> Today is the end of all time.
> Today is.
> 
> Bill Ries-Knight Computer Services
> 
> www.slip.net/~brk
> 

Content-Description: Card for Bill Ries-Knight