The University of Helsinki IT Security Test was launched for staff in spring 2021 and for students in spring 2022. The test aims to draw the attention of University staff and students to factors and procedures that matter in terms of information security. But how have University staff and students welcomed the test and what kind of feedback have they provided on it? In your opinion, what topics should the test cover?
The short annual test is mandatory for staff members and degree students. Other members of University staff and students can also take the test if they wish.
Most respondents consider the IT security test meaningful and easy
The feedback indicates that many of those who provided feedback found the test meaningful and easy: 67 per cent of staff and 62 per cent of students either agreed or somewhat agreed with the statement “Taking the IT Security Test felt meaningful”. Thirteen per cent of staff and 12 per cent of students gave a neutral response. On the other hand, 20 per cent of staff and 26 per cent of students disagreed or somewhat disagreed with the statement.
The IT security test’s questions were considered fairly easy: 71 per cent of students and 66 per cent of staff found the questions either very or somewhat easy. The questions were considered difficult or somewhat difficult by 6 per cent of students and 5 per cent of staff. The rest (23 per cent of students and 29 per cent of staff) took a neutral position on the test’s difficulty.
Equal amount of praise and criticism in written feedback
The written feedback contained equal amounts of positive and constructive feedback, as well as development suggestions and corrections related to the content and questions of the test. Thank you for all your comments!
The following themes emerged in the positive written feedback:
- The test was appropriate in scope and easy to complete
- The test served as a good reminder of important things
- The test questions were important and relevant to the feedback provider
- The test also taught new things
- The concise annual test is a good concept
- The content of the teaching material (the quick guide) was found to be good
In turn, the following themes emerged in the more critical written feedback:
- Unnecessary to repeat every year
- I did not learn anything new
- A waste of time and resources
- Too easy or too few questions; some of the respondents found the test too difficult
- Linking the test’s completion to the user account’s availability was found to be unfair
Along the way, we have corrected mistakes and made small improvements to the test questions based on the feedback from University staff and students. We consider any broader development suggestions in connection with our more comprehensive annual revision of the test, carried out before a new test is released.
Background to the test – Why is the test the kind it is?
A few years ago, an exceptional number of the University staff and students’ user accounts were captured through phishing scams. This led to discussions about an IT security test. The then Vice Rector Paula Eerola was involved in outlining how the University of Helsinki’s IT security test should work. She explained the reason for making the test mandatory in the following way: “We came to the conclusion that we couldn’t make the test voluntary, because University staff and students are busy and might not give the test very high priority. However, when you get a University username, you commit to many things. It felt natural to make the IT security test a regular part of the process, just like changing passwords.” The goal was to make the test quick to complete so that it would not be too much of a burden every year but would still serve its purpose by reminding people of the importance of information security in their daily work. Indeed, the test only contains five questions drawn from a question bank, but anyone who wants to learn more about the topic can do so by perusing the teaching material offered in connection with the test.
The University of Helsinki is not the only one that has decided to require the completion of an IT security test or course. Two other universities have introduced mandatory information security-related content that is linked to the validity of usernames, and an interest in similar arrangements has also been seen in other universities.
The grounds for the IT security test’s introduction and the importance of information security in general have certainly not diminished in recent years. On the contrary, information security is more important than ever.
Was your user account locked because of an uncompleted test?
Everyone is assigned an individual time to complete the security test. The times for taking the test are staggered throughout the academic year and are assigned based on the username (see the table in Flamma for more information). Several reminders about the test deadline will be sent to your University email address. The first one is sent two months before the deadline and the last one on the last day you can complete the test. Take the test as soon as possible. If you have not completed the test by the deadline, your user account will be locked. Should this happen, please contact IT Helpdesk.
Did you encounter accessibility issues in the test?
The test has been built with accessibility in mind (see IT Security Test accessibility report). However, if you feel you are unable to take the test due to an impediment, please contact IT Helpdesk. If you notice anything else in the test’s Moodle area that could be problematic in view of accessibility, please send us your comments through the feedback survey.
What would you like the test to cover?
We are again renewing the test and preparing new content for the 2024–25 season. What themes would you like the test to cover? Would you like there to be more content on the current themes? To date, the test has included questions about topics such as phishing, online scams, MFA (multi-factor authentication), multi-location work and travel, and data storage and sharing. Provide your comments below and suggest a theme! You can also suggest a theme through the feedback survey.