The importance of authenticity in cyber security training and education

A presentation at the Jisc security conference 2019 by Juanjo Mata De Acuna, KTP associate, Edinburgh Napier University.

Published in: Technology

  1. The importance of authenticity in cyber security training and education
     Juanjo Mata De Acuna, Edinburgh Napier University / Satisnet Ltd
  2. The industry / academia skill gap
  3. Difference between learning and training
     Learning
     Provides students with knowledge to confront present and future issues.
     • Long term goals
     • Broad, general purpose
     • Adaptability and flexibility
  4. Difference between training and teaching
     Training
     Teaches a set of skills required to carry out a specific job.
     • Quick results
     • Specific
     • Limited adaptability and flexibility
  5. The skill gap: What companies need from candidates
     “8 out of 10 employers consider a 4-year degree to be insufficient to prepare candidates for the job.” *
     Companies require candidates with hands-on experience. This often translates into new employees going through on-board training before starting their new job.
     * ISACA, “Preparing cyber security professionals to make an impact today and in the future,”
  6. The skill gap: What academia can offer
     Cybersecurity is a broad and ever-changing subject. Fundamental background knowledge can help professionals to adapt to changes and acquire new skills.
  7. Our project: KTP between ENU and Satisnet
  8. Main goals
     The main goal was to design a methodology for creating authentic material for cyber security. As a first proof-of-concept, we designed a scenario for new security operations centre analysts, to help them understand the tools and procedures used at work in the context of a realistic security incident in a controlled, simulated environment.
  9. Pedagogical resources: Engagement
     • Multiple-try feedback
       - Encourage reflection on error
     • Instant feedback
       - Increase students’ confidence
       - More quality face-to-face time with instructors
  10. Pedagogical resources: Engagement
     • Gamification
       - Context
       - Freedom of choice
  11. Pedagogical resources: Realism
     • Loosely defined tasks
       - Require students to break them down into sub-tasks
     • Access to expert advice during the exercises
     • Accept different ways of achieving success
  12. Mapping SOC roles to Bloom’s taxonomy

     | Bloom’s taxonomy level | SOC level | Sample activity |
     |---|---|---|
     | Remember | Tier 1 | Be aware of general security concepts |
     | Understand | Tier 1 | Review and classify alerts by urgency |
     | Apply | Tier 1 | Create tickets to highlight incidents that require actions from a Tier 2 analyst |
     | Analyse | Tier 2/3 | Review asset discovery and vulnerability assessment data |
     | Evaluate | Tier 2/3 | Leverage threat intelligence data to identify affected systems and the scope of an attack |
     | Create | Tier 2/3 | Develop detection mechanisms for new threats |

  13. Prototype: Design process
  14. Interviewing relevant industry drivers
     The interviews focussed on developing a better understanding of the specific implications of the jobs performed at a security operations centre:
     • Different roles and their duties
     • Skills and fundamental knowledge required
     • Common issues and tasks
  15. Hands-on job experience
     Multiple shadowing sessions with senior analysts were scheduled. This helped us to better understand the roles and dynamics encountered in this work environment, allowing us to design scenarios that faithfully mirrored the working conditions of a SOC.
  16. Expert advice and supervision
     The design and implementation processes were closely supervised by technical and academic professionals. The technical experts ensured the realism of the scenarios. The academic advisors checked that the learning experience followed a suitable pedagogical approach.
  17. Tools for implementing the prototype
  18. Articulate Storyline
     • Instant feedback
     • Adaptable content
     • Various types of questions
       - Mostly for lower Bloom levels
  19. Moodle
     • Student tracking and reporting
     • Attendance control
     • Essay-type questions
       - Supplements the lack of higher level questions in Storyline
  20. CyberKombat
     • Virtual cloud environment
       - Controlled
       - Realistic
       - Flexible
     • Access to professional tools
  21. First prototype scenario
  22. T1 SOC analyst scenario
     • Basic investigation of a credentials attack
       - Look at the details of the incident in the SIEM tool
       - Reflect on the impact of the incident
       - Submit a report in the form of a ticket
  23. T2 SOC analyst scenario
     The student takes over the ticket produced in the previous scenario.
     Advanced investigation steps using the SIEM and additional tools:
     • Extract detailed information about the attacked asset
     • Creation of a timeline
     • Review alert triggering mechanisms
  24. T2 SOC analyst scenario
     Post-scenario essay questions in Moodle challenged the students to:
     • Write reports and recommendations addressed to audiences like executive board members or technical specialists
     • Investigate the different options to detect and prevent the same kind of issue in the future
     • Analyse the impact of the incident in the context of the Cyber Kill Chain
  25. Impact and reception
  26. Professional review
     The first iteration of the scenario was run in a session with 8 analysts who already performed these duties. Their feedback highlighted:
     • Good level of realism in the scenario and tasks depicted
     • Usefulness of the material for potential new employees
  27. On-board training course
     After amendments were made using the feedback from the analysts, the final scenario was implemented as the core of the on-boarding course taken by new employees joining Satisnet’s team.
  28. Future work
  29. Future work
     • Automation
       - Flexibility
       - Scalability
     • Randomisation of environments
       - Repeatability of scenarios by students
     • Event detection
       - Automatic detection of landmarks reached by the students
  30. References
     • ISACA. (2017). Preparing Cybersecurity Professionals to Make an Impact Today and in the Future.
     • Bloom, B. S. (1956). Taxonomy of educational objectives. David McKay.
     • Van Niekerk, J., & von Solms, R. (2013). Using Bloom’s Taxonomy for Information Security Education. In Information Assurance and Security Education and Training (Vol. 406, pp. 280–287). Springer, Berlin, Heidelberg.
     • Epstein, M. L., & Brosvic, G. M. (2002). Students Prefer the Immediate Feedback Assessment Technique. Psychological Reports, 90(3_suppl), 1136–1138.
     • Attali, Y. (2015). Effects of multiple-try feedback and question type during mathematics problem solving on performance in similar problems. Computers & Education, 86, 260–267.
     • Nagarajan, A., Allbeck, J. M., Sood, A., & Janssen, T. L. (2012). Exploring game design for cybersecurity training. In 2012 IEEE International Conference on Cyber Technology in Automation, Control, and Intelligent Systems (CYBER) (pp. 256–262). IEEE.
  31. References
     • Willems, C., & Meinel, C. (2012). Online assessment for hands-on cyber security training in a virtual lab. In Proceedings of the 2012 IEEE Global Engineering Education Conference (EDUCON) (pp. 1–10). IEEE.
     • Herrington, J., Oliver, R., & Reeves, T. C. (2003). Patterns of engagement in authentic online learning environments. Australasian Journal of Educational Technology, 19(1).
     • McLoughlin, C., & Reid, N. (2002). Seachange: design of online quiz questions to foster deep learning. Ascilite, 843–846.
     • Fellenz, M. R. (2004). Using assessment to support higher level learning: The multiple choice item development assignment. Assessment and Evaluation in Higher Education, 29(6), 703–719.
     • Yadav, T., & Rao, A. M. (2015). Technical Aspects of Cyber Kill Chain (pp. 438–452). Springer, Cham.
  32. Thank you
     customerservices@jisc.ac.uk
     jisc.ac.uk
     Juanjo Mata, Edinburgh Napier University / Satisnet Ltd
