• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content

Loading…

Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.

Like this presentation? Why not share!

SecurityCom: A multi-player game for researching and teaching ...

on

  • 650 views

 

Statistics

Views

Total Views
650
Views on SlideShare
650
Embed Views
0

Actions

Likes
0
Downloads
0
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • We agree that it is importantWe don’t agree on how to do it
  • Last point: Perhaps with some analysis tooWith the limited time that we have
  • Active Experimentation and Concrete Experience help students “feel” the concepts being taught
  • Teaching two security courses where this can be done

SecurityCom: A multi-player game for researching and teaching ... SecurityCom: A multi-player game for researching and teaching ... Presentation Transcript

  • SecurityCom: A multi-player game for researching and teaching information security teams
    Doug Twitchell, PhD
    Illinois State University
    School of Information Technology
  • Security Education and Training
    Why?
    The easy part
    That’s why we’re here
    Integral to a comprehensive security plan
    How?
    Not so easy…
    Classroom?
    Books?
    Certifications?
    Apprenticeships?
    On-the-job?
  • Learning According to Bloom
    Bloom:
    Lowest/Easiest is Knowledge
    (i.e., memorizing, defining, recognizing)
    Books/Lectures
    Highest/Hardest is Evaluation
    (i.e., assess, compare, judge, predict)
    Long experience
    Middle is Application
    (i.e., use, operate, demonstrate)
    What we can hope for in security education
    http://officeport.com/edu/blooms.htm
  • Experiential Learning According to Kolb
    Concrete
    Experience
    Active
    Experimentation
    Reflective
    Observation
    Abstract
    Conceptualization
  • Security Learning for Teams
    Security function
    Usually involves more than one person
    Doesn’t happen in a vacuum
    Organizational constraints
    Budgetary constraints
    Security  Agility
    Decisions made with others across the organization
    Security “techies” not often prepared for this
    Security may lose out (bias => agility)
  • Experiential Learning in Security Education and Training
    How to get to the application level with teams
    Demonstrations
    Not really application
    Labs
    Tutorials
    Step-by-step
    Assignments
    Figure out parts on your own
    Work/Study and Internships
    Best
    Sometimes difficult to get
    Uncontrolled (may not coincide with curriculum goals)
    Games!
  • Games In Security Education
    Advantages
    Disadvantages
    Controlled
    You decide what they learn and how they learn it
    No distracting outside information
    Cause/Effect demonstrated immediately
    Quick
    Can be designed to do in < 1 hour
    Part of a lecture
    Cheap
    Not much equipment needed
    Familiarity
    Younger students, at least
    Motivation
    Competition
    Use for Research
    Main disadvantage:
    Not as close to “real life” as real life is
    Not free
    Some equipment required
    Design and setup required
    Students must learn how to use
  • Games in Security Education:CyberProtect
    Two games you might know about
    CyberProtect
    Defense Information Systems Agency
    Free and freely distributable
    Won awards
    Quick/Easy to use
    Single player
    Turn-based
    Somewhat outdated
    Demo!
  • Games in Security Education:CyberCIEGE
    CyberCIEGE
    Naval Postgraduate School
    Free for some by request
    3D!
    Simulation based
    Game-building language
    Some pre-built scenarios
    Not as quick/easy as CyberProtect
    Currently only single-player
    But claims that multi-player is in the works
    Demo!
  • StrikeCom
    StrikeCom
    Built for researching interpersonal deception
    Used for teaching Network Centric Warfare
    Office of Force Transformation
    Seminars around the world
    National Defense University (until they were hacked)
    Received great feedback – students could “feel” the concepts, and it broke up the “Death by PowerPoint”
    Multi-player, collaborative game –Teams!–
    Taught usefulness of shared-situational awareness and alternative communication channels
    Demo!
  • SecurityCom
    Wanted a game
    Quick/Easy like CyberProtect
    Multiplayer/Collaborative like StrikeCom
    Configurable like CyberCIEGE
    Web-based
    Easy to install (web browser only) and administer
    Familiar interface
    Built from ground-up
    Ruby on Rails
    AJAX
    Demo!
  • Goals
    Use SecureCom
    As an experiential learning tool
    Active Experimentation
    Concrete Experience
    Integrated in to lecture
    First concept
    Security in the organization
    Security  Agility
    Players with differing goals
    Need for trade-offs
    We teach this, but they need to “feel” it
  • Testing SecureCom: Experiment 1
    Lecture Only
    Lecture +Activity
    Lecture +SecureCom
    Teach concepts
    Organizational goals
    Conflicts
    Trade-offs
    Relation to risk management
    Overview of concepts
    Activity
    Groups of three
    Come up with a security plan on paper
    • Overview of concepts
    • Play Game
    • Groups of three
    • Secure the system across 4 rounds
    • Test learning outcomes
    • Pre/Post test
    • Survey
  • Testing SecureCom Experiment 2
    Choose two concepts
    Use CyberProtect, CyberCIEGE, and SecureCom as teaching aids
    Compare learning outcomes
  • Bonus: Security Research Using Games
    Games are useful for research
    Research besides teaching/learning research
    Research using StrikeCom
    Deception
    Leadership
    Controlled environment
    Motivated subjects
    Full interaction recorded
  • Bonus: Security Research Using Games
    Planned research using SecurityCom
    Shared-situational awareness
    Network-Centric Warfare tenet
    The ability for all involved to simultaneously have knowledge of current battlefield situtation
    Security Planning
    Does having shared-situational awareness help groups who make security decisions make better decisions?
    Network is the “battlefield”
    Compare groups with SSA to those with only language-based communication
  • Conclusion
    Security education is important
    Need to make sure SE results in at least “Application” level learning
    Use Experiential learning to accomplish
    Games help complete experiential learning cycle
    CyberProtect and CyberCIEGE are currently available, but single player
    SecureCom is on its way and is collaborative
    Two experiments are planned to test SecureCom
    SecureCom and games like it can also be used for research
  • Questions?