Academic journal article Journal of Information Systems Education

Information Security Trends and Issues in the Moodle E-Learning Platform: An Ethnographic Content Analysis

Academic journal article Journal of Information Systems Education

Information Security Trends and Issues in the Moodle E-Learning Platform: An Ethnographic Content Analysis

Article excerpt


The problem statement for this study resides at the intersection of two recent and timely phenomena: e-learning and information security. According to an annual study commissioned by the Sloan Consortium (Allen and Seaman, 2010), e-learning has grown massively over the last decade (see Figure 1) and this growth appears to be continuing; recent projections suggest that by 2015, 86% of postsecondary students will take some or all of their classes online (Nagel, 2011, January 26).

An e-learning platform connected to the Internet is susceptible to the same types of attacks and human error as any other site, however, researchers (Furnell, Onions, Knahl, et al., 1998; Furnell and Karweni, 2001; Warren and Hutchinson, 2003; Raitman, Ngo, Augar, and Zhou, 2005; Mohd Alwi and Fan, 2010a, 2010b, 2010c) discussing these issues over the last decade have repeatedly asserted that the issue of e-learning security has not been adequately addressed. Furthermore, considering human beings are widely cited as the weakest link in any information security program (Curry, 2011), this brings the focus on several major categories of participants in the online learning process: developers, teachers, students and administrators. Lack of attention to information security in e-learning is a problem because important issues of student and staff privacy are at stake, but also online learning credibility is at stake due to proper authentication of students and attribution of student work.

Exploits on vulnerabilities of a learning management system could have devastating consequences to accessibility, availability, and reliability of the platform, thus impacting both everyday operations of the educational institution and to its long term reputation. In September 2011, Australian researchers (Pauli, 2011) discovered several zero-day security vulnerabilities in Blackboard Learn, a platform used by thousands of universities around the world. These vulnerabilities could potentially allow students to change grades and download future assignments, including exams and also exposed personal information to theft. As with any information system, internal threats are also possible. In 2008, staff and student workers at the University of Texas Brownsville used an admin access to the university Blackboard system to steal exams (Tillman, 2009) and a breach by a student of a similar Blackboard system at Baylor University compromised personal data of over 500 students, staff and faculty (Daily, 2008). A 2010 study by the Ponemon Institute (Miller, 2010), which included several educational institutions, estimated that the average cost per record of personal information stolen in a data breach was $204.


The open source Moodle platform is not at all immune to vulnerabilities and the vast number of implementations, over 67,000 sites in 217 countries (, 2012), makes it a prime target for attack. In October 2011, Moodle posted comprehensive updates to all three branches of the learning management system which addressed fifteen security vulnerabilities (Nagel, 2011, October 19). Several of these vulnerabilities were identified as "serious" and included the possibility for users to modify form contents, authentication vulnerability, exposure of user names in the chat functionality, cross-site forgery, cross-site scripting, database injection and denial of service vulnerability.

Little is known, however, about what security concerns and issues are central to those who use learning management systems. Most research discusses security issues on a rather high and conceptual level. The aim of this study is to return to primary sources, the Moodle learning management system (LMS) Security and Privacy forum, in an attempt to identify, categorize and understand trends and concerns among learning management system users.

The primary research questions of this study are:

* What are the main themes and issues discussed by the Moodle LMS developer and user community on the Security and Privacy forum? …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.