Blog

  1. TOP
  2. Blog
  3. What are the security risks in CBT? Explaining the types of risks and countermeasures

What are the security risks in CBT? Explaining the types of risks and countermeasures

January 14, 2026
  • CBT

CBT is a computer-based Test Format is being increasingly adopted for many qualification exams and national examinations. While it offers advantages over paper-based exams, such as more efficient grading and immediate notification of results, it also requires measures to address security risks associated with digitalization. This article explains the types of security risks associated with CBT, how to prevent cheating, and measures to protect personal information.

Security Risks in CBT Exams

CBT(Computer Based Testing)is a general term for Test Format that utilizes computers, and is a method of administering exams in which questions and answers are set using computers at designated Test Center across the country.

Compared to traditional paper-based tests (PBT), digital exams offer a variety of benefits, including more efficient marking and the ability to provide quick feedback to Candidate. However, it is important to understand that digital exams also pose security risks, and to take appropriate measures.

First, we will explain the main security risks that can be considered with CBT.

Risk of personal information leakage

One security risk with CBT is the risk of personal information leaks. In CBT exams, personal information such as Candidate' names, photographs, test history, and score data is stored digitally. Therefore, there is a non-zero chance that this information could be leaked to the outside world due to unauthorized access or malware infection.

In particular, if database security measures are insufficient, there is a high risk of large amounts of personal information being leaked.Leaking personal information not only violates the privacy of Candidate, but also significantly damages the credibility of the test organizers, so strict measures are required.

Furthermore, secondary damage may occur if leaked information is misused. In recent years, cyber-attack methods have become more sophisticated, making it necessary to always take the latest security measures.

Risk of system failure

CBT also carries the risk of system failure, which could mean that Candidate are unable to continue taking the test due to a system or network failure during the test, or that test results could be inaccurately recorded due to corruption or loss of test data.

Such system failures not only cause significant disadvantage to Candidate, but could also undermine the fairness and reliability of the exam. Therefore, it is essential to clearly define response procedures in the event of a failure and to have a backup system in place. It is also important to consider measures to prevent failures from occurring by conducting regular system maintenance and load tests.

Risk of fraud

With CBT, cheating is possible, such as taking screenshots of exam questions or taking them outside the exam room. There is also the possibility of cheating by unauthorized viewing of exam questions in Test Center or bringing in digital devices.

If Candidate commit fraud, the exam will not be conducted fairly and proper evaluation will not be possible, so it is important to create a system to prevent fraud before it happens.In addition to technical measures, it will also be necessary to establish an appropriate supervision system at Test Center.

For more information about CBT, please see the following article:

What are the characteristics of CBT? Thorough explanation of the difference between "PBT" and "IBT"!

How can cheating be prevented in CBT?

To maintain fairness in CBT, it is essential to have a system in place to effectively prevent cheating. As technology advances, cheating methods become more sophisticated, so test organizers must always take the latest countermeasures. This article introduces specific methods for preventing cheating in CBT.

Introduction of an identity authentication system

One way to prevent cheating in CBT is to introduce an identity authentication system. Using an identity authentication system at reception to verify the identity of Candidate using Identification Document and face can help prevent proxy taking and impersonation. If the test taker's face does not match the pre-registered face photo, they will not be able to take the test, which increases the accuracy of identity verification.

In addition, combining this with photo ID will increase the reliability of identity verification. In recent years, the accuracy of facial recognition systems using AI technology has improved, allowing for more reliable identity verification. Introducing a multi-layered identity authentication system will significantly reduce the risk of test-taking fraud.

Exam environment restrictions

Cheating in CBT can also be prevented by restricting the exam environment. It is important to restrict the launch of applications other than specific ones during the exam and to block external communications.

In addition, cheating and other misconduct can be prevented by having exams supervised and monitored by proctors at Test Center. It is important to have a system in place where proctors patrol Test Center and constantly monitor the behavior of Candidate, so that suspicious behavior can be detected early.

Additionally, it is also effective to disable shortcut keys and block programs and screens other than those containing test questions. These technical restrictions will make it more difficult for Candidate to cheat.

Utilizing a random question system

The risk of cheating can be reduced by randomly selecting test questions or by providing different questions to each Candidate. Also, by creating a system to change the order of questions or the arrangement of answer options, Candidate next to them, making cheating less likely.

Utilizing a random question system, which selects a different combination of questions from a question pool each time, makes it difficult for Candidate to share information, and is an effective measure to increase the fairness of the test. However, when using random question selection, it is essential to make adjustments to ensure that there are no differences in difficulty between Candidate.

Necessary security measures for protecting personal information

Appropriate protection of Candidate' personal information in CBT is a responsibility of test organizers. Complying with relevant laws and regulations, including the Personal Information Protection Act, and protecting Candidate' privacy is essential to maintaining the reliability of the test. Finally, we will explain the security measures required to protect personal information.

Encryption and Access Control

Encryption and access control are considered to be necessary security measures for protecting personal information. Since test questions are sent and received over the Internet, strong encryption using technologies such as SSL is essential. Encrypting communication data reduces the risk of leakage or loss.

Implementing multi-step authentication and IP restrictions is also effective. This will prevent unauthorized access and create an environment where only authorized personnel can access data. By implementing such technical measures, you can increase the safety of personal information. Even if unauthorized access does occur, you should have a system in place to quickly detect and respond.

Establishment of an organized information management system

It is essential for organizations that administer exams to establish an organizational information management system. Raise staff awareness of information management through regular training.

Specifically, you could consider developing manuals and procedures, building a system to prevent human error, and establishing clear rules for handling personal information and making sure all staff are aware of them. Taking such measures will lead to an improvement in the security level of the entire organization.

It is also important to take steps to obtain ISO 27001 certification (ISMS certification), which is a standard for building and operating an information security management system, and the Privacy Mark. In the process, security awareness within the organization will increase, leading to a reduction in security risks.

Management of subcontractors

If you outsource the operation of your CBT, it is essential to include a clause regarding the protection of personal information in the contract. Be sure to clarify the contractor's handling of personal information, management structure, and security measures when signing the contract. Furthermore, by establishing a system for regular audits and reporting of contractors and checking the implementation status of security measures, you will be able to manage risks at the contractor.

When selecting a contractor, it is important to select a company with a solid security system. At the end of the contract, it is also important to ensure that the contractor returns or deletes any personal information they hold.

Establishing a management system is important for CBT security measures

CBT involves security risks such as the leakage of personal information, system failures, and fraud, so appropriate security measures must be implemented to ensure a fair exam. Furthermore, security measures are not something that are implemented once and then left unaddressed; continuous improvement is important. It is necessary to conduct regular risk assessments, maintain a system that can respond to new threats, and raise awareness throughout the organization.

Prometric has acquired the Privacy Mark and ISO 27001 certification, and has established a strict security system that is also used for national exams. We provide an environment where Candidate can take the exam with peace of mind. Prometric 's strengths in CBT include the number and quality of Test Center Test Center, security, and an overseas network. Tests are administered under the same conditions at all Test Center nationwide. If you are considering CBT, please contact Prometric, which provides an environment where Candidate can take the exam with peace of mind.

Questions about introducing CBT, consultation on operation, fees, etc.
If you have any questions, please feel free to contact us.

LANGUAGE