Risks and Remedies in ISRA University e-Learning System

Information technology brought radical changes in various aspects of contemporary life and education sector in general and in higher education in particular. Our institute (Isra University) decided to be more responsive to these dramatic changes and effectively employ information technology to improve the quality of teaching and learning through a gradual shift from web-enhanced courses towards blended learning, distance learning, and open learning to achieve better learning outcomes excellence and competition. We uses Moodle system to offer web-enhanced courses with timed on-line quizzes as well as a vehicle for students to submit homework assignments and gain access to different course related resources. This paper investigates the risks encountered at Isra university e-learning system (IUELS) in the offering of web-enhanced courses and how we solved the problems.


INTRODUCTION
E-learning provides various types of learner process. It performs learning process in more costly and effective ways than traditional learning because e-learning can be done in any geographic location. Online and distance education tend to adopt a more collaborative course team approach. They also provide the flexibility and the customizer meet of the learners. On the other hand, e-learning requires time and management for student/teacher to attend/organize a class as any traditional learning process required [1,2,3].
Web based e-learning provides equal quality education to all enrolled student. It suppies many feature to the education process such as: allowing interaction with the various communication channels of education, learning process with various styles and variety of multimedia, downloading and printing materials from web sources, and creating a media of collaboration, conversation, discussion, and exchanging ideas [3,4].
Blended learning refers to integrated distance learning technologies. It includes the traditional face-to-face classroom activities, print resources, and variety of instructional strategies such as learning, participatory learning, interactivity and case studies. Blended learning improves student interaction and satisfaction. [5] refers to blended learning as "umbrella term encompassing all learning that takes place at locations remote from the point of instruction".
Moodle offers many features that support the education process. Many articles [1,2,6,7,8] show the usability of using this stool in their university education system because of its good basic features,. Both students and teaching staff are satisfied with its performance and usability, great extensibility potential and some potentially adaptive features. Moodle supports the flexible reuse of teaching material among local faculties and having the option of a centralized system. It has become increasing popularity at universities and new features are developed continuously. Moodle is an extensible platform that been used in our university since 2007. Most students feel very comfortable with Moodle.
Barik and Karforma [9] mention interesting studies that show the risks and remedies in India e-learning system universities. They state the major threats of e-learning system and the risks which should be looked upare : student risks, author's risks, teacher's risks, manager's risks and system developer's risk in e-learning systems. They showed some tools/techniques to minimize those risks by using: firewall in access control, digital right management on e-learning assets, cryptography, secret-key algorithms, public-key algorithms, neural cryptography, elliptic curve cryptography, biometric authentication, digital watermarking.
Hölbl [6], stated "there are still some technical problems when using Moodle mostly caused by hardware and software limitations of the employed servers". But they did not provide technical solving methods. Instead they focus on Moodle analysis of students' habits and usage of communication features and possible reasons. Additionally, they investigated the student overall opinion and comments on e-learning and their experiences of technical problems in Moodle. The survey shows the Moodle technical issues both from students and administration, were mostly caused by hardware and software limitations of the employed servers. The problems identified included: : connection problems, slow response when many users were connected to Moodle, difficulties when opening or downloading specific types of files in certain browsers.
Ray [3] , provide many enhancement idea to improve the instructional design models and online learning course development in India, he also shows and discusses different approaches of web based e-learning system and two different models (CSIES and MBES).
However, through usage of Moodle platform in IUELS, many improvements have been done to it. IUELS has four participants that constructed their e-learn system (Students, Teachers, Managers and System Developer/Administrators). By identifying and solving the e-risk management has made IUELS reliable and efficient. The paper is organize as follow: the e-learn technical instructional issue are discussed at section 2, the different risks faced IUELS and the risk analysis in Moodle are explained at section 3, section 4 describes how these risks can be minimized by different tools and techniques, and finally the conclusion at section 5.

II. TECHNICAL INSTRUCTIONAL ISSUES
Technical issues include the tasks necessary to design and control the e-learning system, the steps and sequence necessary to create a course, and provide a retrieving electronic help and support to any problem occur in e-learning system. Because of the accessing and privacy issues, there is different e-learning system for students and instructors, so the type of support provided by the technical instructor is also different. For example, students are not able to access the following areas: courses creation areas, discussion and announcement postings or grade information for other students in the class. E-learning system required resources to be controlled and determined by the e-learning instructor include: operating system version and platform, CPU -speed and model, memory and connection. The instructor determine the type of the e-learning platform, he/she also controls the size of the memory to use [10,11].
Uden et al [12] argue that successful e-learning course requires environment, teach skills, subject matter skills, technical support, interaction content, and instructor aware of learning. E-learning instructor must be aware of what available technology the students will require to work with the e-learning system when developing course materials. The system also should be compatible with the delivery mechanism.
The instructor should focus on capturing and maintaining a detailed learner profile and choose the appropriate type of learning resource, keeping in mind what are the knowledge that exists, academic goals, learning style, and the background of the students . Having to make decision of what type of activities and concepts that are allowed and acceptable is difficult and this usually rely on instructor to be able to perceives what is appropriate for students and available technology The process of delivery is important in instruction design, since that is what encompasses much of the pedagogical issues [10,11].

II. THREATS AND RISKS
As internet is the backbone of e-learning system, different security measures are required to be imposed on e-learning system. Hackers can modify the authenticated e-learning documents, which are communicated from manager to students and from teachers to students as and when required [9]. The most major threats in IUELS are as follows:-1. Security of systems (especially for assessment purposes) raises risk issue of unauthorized access such as a. Confidentiality violation: An unauthorized party gaining access of the assets present in e-learning system. b. Integrity violation: An unauthorized party accessing and tempering with an asset used in E-Learning system. 7. Slow-running systems -especially if many people try to access it at the same time.
The above threats are mentioned in [9,13] and they also show other risks such as: •Denial of Service: Prevention of legitimate access rights by disrupting traffic during the transaction.
•Traffic analysis: Leakage of information by abusing communication channel.
•Brute-force attack: An attempt with all possible combinations to uncover the correct one.

III. REMEDIES OF RISKS
Barik and Karforma define [12] a risk, as the probability of the occurrence of a particular threat and the expected loss. Erisk involves the risk at the time of electronic transaction, whereas threat means an anticipated danger. Common threats for computers are viruses, network penetrations, theft and unauthorized modification of data, eavesdropping, and nonavailability of servers and personal computers". A number of different measures have been followed to manage IUELS-risks, which can be classified into three main categories:-•Technical measures: Such as determining the access rights of the systems, and the use of a firewall, anti-virus, backup data, and control mechanisms.
•Administrative procedures: regulations, policies and procedure.
•Operating procedures: Staff training and awareness of the importance of information security, protection devices and software.
After examination of the identified IUELS-risks we found that, the critical risks that we must focus are on confidentiality, integrity and availability as they are the triangle of success as shown in Fig.1. To mitigate and eliminating the following risks of:-•Unauthorized access we Implement and configure sophisticated firewalls that can block some incoming traffic but permit access by e-learning users and by applying host-based firewalls to all systems, including those behind the university firewall, because it is not sufficient to protect university resources from external security threats. It is also important to protect university resources from internal attacks, by protecting campus systems and academic computing resources in addition to the firewalls between the Internet and campus systems In order to provide a secure network environment, figure 2 show the planed organization of secure firewalls .
•Unavailability of the system could be due to technical failure, power outage or loss of internet connection; we managed to eliminate the risk of loss of internet connection by reconfiguring university internal network so the e-Learning system is accessible through intranet from inside the university and through the internet from outside the university using the same URL.
•Eliminating the risk of power outage needs continuous power supply to the server and other network devices, a sufficient UPS for all labs and network infrastructure in addition to a sufficient electrical generator that are able to support the power supply for all labs and network infrastructure.
•Malicious program mitigated with installation and configuration of virus detection programs.
•Unauthorized help writing of electronic exams is eliminated by the use of Safe Exam Browser, which is a web browser-environment to carry out online exams safely.
•Software changes: should be implemented into a secure workstation. This regulates the access to any utilities like system functions, other websites and applications and prevents unauthorized resources being used during an exam.
•Technical failure is mitigated with a backup's plan and recovery process.
•Person writing tests on behalf of enrolled students and exploitation of privileges by legitimate users are protected with strict policies and procedures.
•Slow-running systems: is mitigated with sufficient hardware and software infrastructure and e-exam procedures.
•Opposition to change: is mitigated by gradually spreading the culture of e-learning and its applications within training courses for teachers and students,as e-learning is not a program or a piece of furniture to be transported to the University but it is a culture of learning that should be created from within the university. We encourage and try to convince individuals to accept the change by pointing out to them the benefits of the e-Learning system, and treat any problems caused by the change, as soon as they appeared. There are risks involved in implementing e-learning system at universities. Our experiences at IUELS show that these e risks can be overcome. In this paper we have identified some of these risks and provided solutions based on our experiences in the use of Moodle from the past few years. These solutions seem to have positive results in overcoming the risks. It is our wish that lessons learned from us will be able to provide some suggestions to others who are thinking of implementing e learning system using Moodle. We would like others to take up our suggestions and evaluate the suggested solutions.