Skip to Main Content

cai securityplan te022516Security is a top priority for the CCCAssess platform that is being developed by the California Community Colleges (CCC) Common Assessment Initiative (CAI) and will be used as an assessment tool throughout the system.

The CCC Technology Center is working closely with CAI Product Manager John Hadad and Unicon, the subcontractor that is developing the new common assessment platform, to ensure industry practices for security are followed, according to Jeff Holden, Chief Information Security Officer for the Technology Center.

Follow International Standards

One of the steps being taken to ensure that the CCCAssess architecture and program are not susceptible to common vulnerabilities is to follow industry guidelines, Holden said.

“The Open Web Application Security Project (OWASP) identifies a top-10 list of most frequent security problems,” he said. “We use this as a guide as we review and test the program.”

OWASP is a worldwide not-for-profit charitable organization focused on improving the security of software. The mission of the organization is to increase visibility of software security issues so that organizations can make informed decisions about true software security risks. More than 42,000 volunteers participate in OWASP, sharing information under a free and open software license.

Conduct Security Analysis

Additionally, the CAI platform team will conduct a Static Code Analysis, Holden explained. “We will review the source code and scan it for vulnerabilities,” he said.

Static Code Analysis is used to identify possible vulnerabilities within “static” (non-running) source code by using techniques such as Taint Analysis and Data Flow Analysis. These tools enable analysts to efficiently find potential flaws. During the development phase, these methods can be used to give immediate feedback on code that might be vulnerable.

Write Security Plan

Jeff Holden, Chief Information Security Officer for the CCC Technology CenterCAI and Unicon will develop a security plan that is overseen by Holden.

“CCCAssess will follow best practices for security,” Holden said. “There will be regular risk evaluations and the plan will be continually reviewed and updated to protect the system. The Technology Center has Security Standards in place that will apply to CCCAssess.”

Ensure Student Privacy

Student privacy is essential to the system, according to Holden. “CAI also follows the requirements for student privacy established by Family Educational Rights and Privacy Act (FERPA) regulations,” he said. “Students will access CCCAssess through the student portal which also has a security plan.”

“Colleges can be confident that security was part of the RFP, and Unicon was selected to develop the platform for CCCAssess in part because it was reviewed for meeting the highest security standards,” Holden said.

Updating Security

Security is an ongoing concern for technology projects, especially web-based applications, according to the CAI’s Hadad.

“In addition to the technical security protocols that are in place, assessment content for a system like CCCAssess has a finite shelf life and requires frequent updates and replacement,” Hadad said.

During the CCCAssess Field Testing that is currently underway, CAI will validate the security protocol.

“As we move towards designing CCCAssess version 2.0, which will be delivered in Fall of 2016, security continues to be a key element,” Hadad said. “We will incorporate any enhancements based on what we learned during the pilot. Additionally, there will be an increased need for data governance and updated security protocols.”

For more information about CCCAssess security, contact John Hadad, CAI Product Manager, at This email address is being protected from spambots. You need JavaScript enabled to view it. or 530-413-8583.

Upcoming CAI Professional Development

Colleges may send representatives to upcoming regional professional development meetings to learn more about how they can form campus implementation teams to prepare for adopting the common assessment.

March 11 – Sacramento – Register here
April 15 – San Francisco Bay Area – Save the date

Go to to learn more.

Karen Fraser-Middleton is a marketing consultant for the
California Community Colleges Common Assessment Initiative