PRE-CONFERENCE TUTORIALSMonday, June 26, Afternoon, 1:30 PM - 5:00 PMT6: Security and Dependability in E-LearningEdgar R. Weippl, Vienna University <strong>of</strong> Technology, AustriaAbstract: (www.ifs.tuwien.ac.at/~weippl/edmedia_security.pdf) Considering <strong>the</strong>enormous costs <strong>of</strong> creating and maintaining courses, it is surprising that security isnot yet considered an important issue by most people involved, including teachersand students. Unlike traditional security research, which has largely been driven bymilitary requirements to en<strong>for</strong>ce secrecy, in <strong>the</strong> realm <strong>of</strong> e-learning it is not <strong>the</strong>in<strong>for</strong>mation itself that has to be protected against unauthorized access but, <strong>the</strong> wayit is <strong>pre</strong>sented. In most cases <strong>the</strong> knowledge contained in e-learning programs ismore or less widely available; <strong>the</strong>re<strong>for</strong>e, <strong>the</strong> asset is not <strong>the</strong> in<strong>for</strong>mation itself but<strong>the</strong> hypermedia <strong>pre</strong>sentation used to convey it. Dependability includes most securityrequirements but does no longer focus on confidentiality, a requirement that isconsidered not that important by many teachers and students. In this tutorial webuild on <strong>the</strong> findings published in our book "Security in E-Learning" (to be publishedby Springer NY in 2005) and extend <strong>the</strong>m to include aspects <strong>of</strong> dependability.Objectives: After attending <strong>the</strong> tutorial <strong>the</strong> audience will be able to answer followingquestions:• Authors-Why is security relevant when creating content?-Which kind <strong>of</strong> threats are <strong>the</strong>re?-Which assets should I protect?-How can I protect <strong>the</strong> a<strong>for</strong>ementioned assets?-Are <strong>the</strong>re ways to impede illegal use through smart design?-How much additional ef<strong>for</strong>t will be required?• Teachers-Why is security relevant when using e-learning?-Which kind <strong>of</strong> threats are <strong>the</strong>re?-Which assets should I protect?-Does standardization (<strong>of</strong> e.g. exams) undermine <strong>the</strong> freedom <strong>of</strong> academia?-How can I determine <strong>the</strong> level <strong>of</strong> risk exposure <strong>of</strong> my exam questions?-How can I make my lecture „secure“? Will it have a negative impact on my“honest” students?-How much additional ef<strong>for</strong>t will be required?• Managers-Which organization issues are relevant to security?-How is security influenced by* infrastructure* buildings and floor layouts,* organizational workflows(e.g. how are exam results handled to eventually affect grades?)-How can a manager make a good case <strong>for</strong> security so that teachers, authorsand students will support him?-How much additional ef<strong>for</strong>t will be required?Outline: According to <strong>the</strong> wishes <strong>of</strong> <strong>the</strong> audience following topics will be covered;clearly, all topics will focus on specifics <strong>of</strong> Web-based E-Learning• Introduction to Security• Security Risk Analysis• Security Patterns• Common Security Weaknesses• Techniques to protect digital content• Privacy, Feedback and Assessment <strong>of</strong> Students, Authors and TeachersThis tried-and-true tutorial provides attendants with a com<strong>pre</strong>hensive overview <strong>of</strong>security issues relevant to e-learning. Even though security has become paramountin many o<strong>the</strong>r areas <strong>of</strong> Web-based business, research in e-learning is still hardlyconcerned about <strong>the</strong> issues <strong>of</strong> security and privacy.A similar tutorial (Security in E-Learning) has already been <strong>pre</strong>sented at many<strong>conference</strong>s, including EDMEDIA 2003-2005 and E-Learn 2005. Based <strong>the</strong> feedback<strong>of</strong> <strong>the</strong>se <strong>tutorials</strong> and ongoing research work this year's tutorial will <strong>of</strong>fer insightto recent advances in computer security and include aspects <strong>of</strong> dependability.The tutorial web site is available at http://www.e-learning-security.org.Prerequisites:• Authors creating e-learning content.• Teachers using e-learning systems.• Managers responsible <strong>for</strong> <strong>the</strong> selection and maintenance <strong>of</strong> e-learning programs.Intended Experience Level: AdvancedInstructor Qualifications: Dr. Edgar R. Weippl is assistant pr<strong>of</strong>essor at <strong>the</strong>Vienna University <strong>of</strong> Technology and CEO <strong>of</strong> Security Research. His research focuseson applied concepts <strong>of</strong> IT-security and e-learning. Edgar has taught several <strong>tutorials</strong>on security issues in e-learning at international <strong>conference</strong>s, including ED-MEDIA 2003-2005 and E-Learn 2005. In 2005, he published Security in E-Learning with Springer.After graduating with a Ph.D. from <strong>the</strong> Vienna University <strong>of</strong> Technology, Edgarworked <strong>for</strong> two years in a research startup. He <strong>the</strong>n spent one year teaching as anassistant pr<strong>of</strong>essor at Beloit College, WI. From 2002 to 2004, while with <strong>the</strong> s<strong>of</strong>twarevendor ISIS Papyrus, he worked as a consultant <strong>for</strong> an HMO (EmpireBlueCross BlueShield) in New York, NY and Albany, NY, and <strong>for</strong> Deutsche Bank(PWM) in Frankfurt, Germany.An extended CV including all publications is available atwww.ifs.tuwien.ac.at/~weipplTutorials are indicated by a T# and have a lecture/demonstration <strong>for</strong>mat. We advise early registration <strong>for</strong> all Tutorials due to limited space available.10
PRE-CONFERENCE TUTORIALSMonday, June 26, Afternoon, 1:30 PM - 5:00 PMT7: We Don't Manage Courses, We Teach! Supporting Instruction with MoodleSamuel Rebelsky, Grinnell College, USAAbstract: The growth <strong>of</strong> <strong>the</strong> Web has seen a corresponding growth in so-called"course management systems" (CMS's). As <strong>the</strong> EdMedia symposium entitled"Learning Management Systems Developments: Past/Future" suggests, <strong>the</strong> focus<strong>of</strong> such systems is too <strong>of</strong>ten on <strong>the</strong> static transmission <strong>of</strong> "content" ra<strong>the</strong>r than supportingmore interactive teaching and learning. In this tutorial, we will explore <strong>the</strong>Moodle open-source learning management system, a system whose focus is constructivistpedagogy, ra<strong>the</strong>r than simply tools to manage courses. That is, althoughMoodle supports <strong>the</strong> traditional aspects <strong>of</strong> CMS's – such as gradebooks, postinghandouts, receiving student submissions, and threaded discussion – Moodle isdesigned in such a way that encourages instructors to build interactive, studentcenteredonline courses and or course support. Participants will <strong>the</strong> particulardetails <strong>of</strong> Moodle through a mixture <strong>of</strong> lecture, discussion, demonstration, andhands-on (computer-free) exercises. Participants will leave <strong>the</strong> workshop with anunderstanding <strong>of</strong> how to install and use Moodle, with ideas <strong>for</strong> innovative ways touse Moodle, and with directions <strong>for</strong> future exploration.Objectives:• Review key issues <strong>of</strong> Course Management Systems (CMS)• Revisit concerns from LMS symposium (<strong>for</strong> both those who attended andthose who did not)• Consider Moodle's constructivist approach to CMS's and its three perspectiveson course design (date-centered, topic-centered, and social centered)• Gain experience thinking about how to design a Moodle course• Explore basics <strong>of</strong> Moodle installation and use• Compare benefits <strong>of</strong> open-source and proprietary s<strong>of</strong>twareOutline:I. CMS Basics [30 min]1. Purpose <strong>of</strong> CMS's2. Common features - Threaded discussion, Gradebook, Quizzes, Handouts,Student submissions, etc.3. Why use CMS's?II. Orientation [30 min]1. Review purpose and structure <strong>of</strong> tutorial. Discuss handouts.2. Ice-breaker exercise: Discuss worst experience with course managementsystem.3. Review concerns raised at symposium.III. Moodle: Ano<strong>the</strong>r Approach to CMS [30 min]1. Introduce Moodle's view <strong>of</strong> constuctionism/constructivism2. Three approaches to arranging a course: By date, by topic, by social arrangement.3. Moodle course walkthrough, student perspective4. Key Moodle features (mostly covered in walkthrough)5. Open source vs. proprietary s<strong>of</strong>twareBreakIV. Exercise: Designing a Moodle Course [30 min]After a short review <strong>of</strong> <strong>the</strong> Moodle philosophy, groups <strong>of</strong> three to five participantswill work toge<strong>the</strong>r to design simple courses on topics <strong>of</strong> <strong>the</strong>ir choice. Differentgroups will be assigned different perspectives (group one will arrange <strong>the</strong> courseby date, group two by topic, group three by social arrangement).V. Demonstration: Building a Moodle Course [30 min]We will choose one or more <strong>of</strong> <strong>the</strong> course designs from <strong>the</strong> exercise and showhow one sets up <strong>the</strong> resources within Moodle.VI. The Nitty-Gritty Details: Installing Moodle [20 min]1. Necessary hardware and s<strong>of</strong>tware.2. Steps and problems.3. How much support is necessary?VII. Wrapup [10 min]1. Fill in evaluations.2. Questions and answers.3. Where to go <strong>for</strong> fur<strong>the</strong>r in<strong>for</strong>mation.Prerequisites: Beginner. No experience necessary (o<strong>the</strong>r than <strong>the</strong> abilities to use<strong>the</strong> Web and think about teaching).Intended Experience Level: BeginnerInstructor Qualifications: Samuel A. Rebelsky has been an active member <strong>of</strong><strong>the</strong> Ed-Media community <strong>for</strong> ten years. In that time, he has led a number <strong>of</strong> successful<strong>tutorials</strong>, served as workshops/<strong>tutorials</strong> chair (1996-2001), co-chaired <strong>the</strong><strong>conference</strong> in 2002, and served on <strong>the</strong> steering committee. Rebelsky's researchduring that time frame has emphasized innovative uses <strong>of</strong> <strong>the</strong> World Wide Web,course web design, course management systems, and hypertext authoring. Threepapers on <strong>the</strong>se areas received Outstanding Paper awards from Ed-Media.Tutorials are indicated by a T# and have a lecture/demonstration <strong>for</strong>mat. We advise early registration <strong>for</strong> all Tutorials due to limited space available.11