 |
Cybersecurity Education 2015 |
As a discipline in higher education, cybersecurity is less than two decades old. But because of the large number of qualified professionals needed, many universities offer cybersecurity education in a variety of delivery formats—live, online, and hybrid. Much of the curriculum has been driven by NSTISSI standards written in the early 1990s. The articles cited here look at aspects of curriculum, methods, evaluation, and support technologies. They were published in 2015.
Salah, K.; Hammoud, M.; Zeadally, S., “Teaching Cybersecurity Using the Cloud,” in Learning Technologies, IEEE Transactions on, vol. 8, no. 4, pp. 383–392, Oct.–Dec. 1 2015. doi:10.1109/TLT.2015.2424692
Abstract: Cloud computing platforms can be highly attractive to conduct course assignments and empower students with valuable and indispensable hands-on experience. In particular, the cloud can offer teaching staff and students (whether local or remote) on-demand, elastic, dedicated, isolated, (virtually) unlimited, and easily configurable virtual machines. As such, employing cloud-based laboratories can have clear advantages over using classical ones, which impose major hindrances against fulfilling pedagogical objectives and do not scale well when the number of students and distant university campuses grows up. We show how the cloud paradigm can be leveraged to teach a cybersecurity course. Specifically, we share our experience when using cloud computing to teach a senior course on cybersecurity across two campuses via a virtual classroom equipped with live audio and video. Furthermore, based on this teaching experience, we propose guidelines that can be applied to teach similar computer science and engineering courses. We demonstrate how cloud-based laboratory exercises can greatly help students in acquiring crucial cybersecurity skills as well as cloud computing ones, which are in high demand nowadays. The cloud we used for this course was the Amazon Web Services (AWS) public cloud. However, our presented use cases and approaches are equally applicable to other available cloud platforms such as Rackspace and Google Compute Engine, among others.
Keywords: Web services; cloud computing; computer science education; educational courses; security of data; teaching; virtual machines; AWS public cloud; Amazon Web Services public cloud; Google Compute Engine; Rackspace; cloud computing platforms; cloud-based laboratories; computer engineering courses; computer science courses; cybersecurity; teaching; virtual classroom; Cloud computing; Computer crime; Computer security; Education; Network security; Amazon AWS; Cloud Computing; Computer Security; Cybersecurity; Education; Network Security; computer security; education; network security(ID#: 15-7714)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7089256&isnumber=4620077
Mishra, S.; Raj, R.K.; Romanowski, C.J.; Schneider, J.; Critelli, A., “On Building Cybersecurity Expertise in Critical Infrastructure Protection,” in Technologies for Homeland Security (HST), 2015 IEEE International Symposium on, vol., no.,
pp. 1–6, 14–16 April 2015. doi:10.1109/THS.2015.7225263
Abstract: Cybersecurity professionals need training in critical infrastructure protection (CIP) to prepare them for solving problems in design, implementation, and maintenance of infrastructure assets. However, two major roadblocks exist: (1) the lack of necessary skills sets and (2) the frequent need for updates due to rapid changes in computing disciplines. To address these issues and build the needed expertise, this paper proposes a flexible training framework for integrating CIP into cybersecurity training. The foundation of this framework is a set of self-contained training modules; each module is a distinct unit for use by an instructor. Modules are meant to be integrated at different levels, with subsequent modules building on those presented earlier. As these modules are designed for frequent updating and/or replacement, the proposed approach is flexible. This paper develops the generalized CIP module-based training framework and outlines sample introductory and advanced training modules.
Keywords: computer science education; critical infrastructures; national security; security of data; training; CIP module-based training framework; building cybersecurity expertise; critical infrastructure protection; cybersecurity training; flexible training framework; infrastructure asset maintenance; self-contained training module; skill set; Computer security; Network topology; Routing protocols; Topology; Training; Wireless communication; cybersecurity; training modules (ID#: 15-7715)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7225263&isnumber=7190491
Dark, M.; Mirkovic, J., “Evaluation Theory and Practice Applied to Cybersecurity Education,” in Security & Privacy, IEEE,
vol. 13, no. 2, pp. 75–80, Mar.–Apr. 2015. doi:10.1109/MSP.2015.27
Abstract: As more institutions, organizations, schools, and programs launch cybersecurity education programs in an attempt to meet needs that are emerging in a rapidly changing environment, evaluation will be important to ensure that programs are having the desired impact.
Keywords: educational institutions; security of data; cybersecurity education programs; cybersecurity environment; evaluation theory; schools; Computer security; Design methodology; Game theory; Performance evaluation; Program logic; Reliability; cybersecurity; evaluation design; formative evaluation; measurement; metrics; program logic; reliability; summative evaluation; validity (ID#: 15-7716)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7085972&isnumber=7085640
Tunc, Cihan; Hariri, Salim; Montero, Fabian De La Peña; Fargo, Farah; Satam, Pratik, “CLaaS: Cybersecurity Lab as a Service—Design, Analysis, and Evaluation,” in Cloud and Autonomic Computing (ICCAC), 2015 International Conference on, vol., no., pp. 224–227, 21–25 Sept. 2015. doi:10.1109/ICCAC.2015.34
Abstract: The explosive growth of IT infrastructures, cloud systems, and Internet of Things (IoT) have resulted in complex systems that are extremely difficult to secure and protect against cyberattacks that are growing exponentially in the complexity and also in the number. Overcoming the cybersecurity challenges require cybersecurity environments supporting the development of innovative cybersecurity algorithms and evaluation of the experiments. In this paper, we present the design, analysis, and evaluation of the Cybersecurity Lab as a Service (CLaaS) which offers virtual cybersecurity experiments as a cloud service that can be accessed from anywhere and from any device (desktop, laptop, tablet, smart mobile device, etc.) with Internet connectivity. We exploit cloud computing systems and virtualization technologies to provide isolated and virtual cybersecurity experiments for vulnerability exploitation, launching cyberattacks, how cyber resources and services can be hardened, etc. We also present our performance evaluation and effectiveness of CLaaS experiments used by students.
Keywords: Cloud computing; Computer crime; IP networks; Servers; Virtualization; CLaaS; cybersecurity; education; virtual lab; virtualization (ID#: 15-7717)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7312161&isnumber=7312127
Tunc, Cihan; Hariri, Salim; Montero, Fabian De La Peña; Fargo, Farah; Satam, Pratik; Al-Nashif, Youssif, “Teaching and Training Cybersecurity as a Cloud Service,” in Cloud and Autonomic Computing (ICCAC), 2015 International Conference on, vol., no.,
pp. 302–308, 21–25 Sept. 2015. doi:10.1109/ICCAC.2015.47
Abstract: The explosive growth of IT infrastructures, cloud systems, and Internet of Things (IoT) have resulted in complex systems that are extremely difficult to secure and protect against cyberattacks which are growing exponentially in complexity and in number. Overcoming the cybersecurity challenges is even more complicated due to the lack of training and widely available cybersecurity environments to experiment with and evaluate new cybersecurity methods. The goal of our research is to address these challenges by exploiting cloud services. In this paper, we present the design, analysis, and evaluation of a cloud service that we refer to as Cybersecurity Lab as a Service (CLaaS) which offers virtual cybersecurity experiments that can be accessed from anywhere and from any device (desktop, laptop, tablet, smart mobile device, etc.) with Internet connectivity. In CLaaS, we exploit cloud computing systems and virtualization technologies to provide virtual cybersecurity experiments and hands-on experiences on how vulnerabilities are exploited to launch cyberattacks, how they can be removed, and how cyber resources and services can be hardened or better protected. We also present our experimental results and evaluation of CLaaS virtual cybersecurity experiments that have been used by graduate students taking our cybersecurity class as well as by high school students participating in GenCyber camps.
Keywords: Cloud computing; Computer crime; Network interfaces; Protocols; Servers; CLaaS; and cloud computing; cybersecurity experiments; education; virtual cloud services; virtualization (ID#: 15-7718)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7312173&isnumber=7312127
Samtani, S.; Chinn, R.; Hsinchun Chen, “Exploring Hacker Assets in Underground Forums,” in Intelligence and Security Informatics (ISI), 2015 IEEE International Conference on, vol., no., pp. 31–36, 27–29 May 2015. doi:10.1109/ISI.2015.7165935
Abstract: Many large companies today face the risk of data breaches via malicious software, compromising their business. These types of attacks are usually executed using hacker assets. Researching hacker assets within underground communities can help identify the tools which may be used in a cyberattack, provide knowledge on how to implement and use such assets and assist in organizing tools in a manner conducive to ethical reuse and education. This study aims to understand the functions and characteristics of assets in hacker forums by applying classification and topic modeling techniques. This research contributes to hacker literature by gaining a deeper understanding of hacker assets in well-known forums and organizing them in a fashion conducive to educational reuse. Additionally, companies can apply our framework to forums of their choosing to extract their assets and appropriate functions.
Keywords: Internet; computer crime; pattern classification; attack types; classification techniques; cyberattack; data breaches; educational reuse; ethical reuse; hacker assets; hacker forums; malicious software; topic modeling techniques; underground communities; underground forums; Decision support systems; Feature extraction; Labeling; Resource management; Support vector machines; Tutorials; cybersecurity; topic modeling (ID#: 15-7719)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7165935&isnumber=7165923
Bashir, Masooda; Lambert, April; Guo, Boyi; Memon, Nasir; Halevi, Tzipora, “Cybersecurity Competitions: The Human Angle,” in Security & Privacy, IEEE, vol. 13, no. 5, pp. 74–79, Sept.–Oct. 2015. doi:10.1109/MSP.2015.100
Abstract: As a first step in a larger research program, the authors surveyed Cybersecurity Awareness Week participants. By better understanding the characteristics of those who attend such events, they hope to design competitions that will inspire students to pursue cybersecurity careers.
Keywords: Computer crime; Computer security; Education; Engineering profession; Privacy; cybercrime; cybersecurity competitions; education; security (ID#: 15-7720)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7310819&isnumber=7310797
Rajamäki, J., “Cyber Security Education as a Tool for Trust-Building in Cross-Border Public Protection and Disaster Relief Operations,” in Global Engineering Education Conference (EDUCON), 2015 IEEE, vol., no., pp. 371–378, 18–20 March 2015. doi:10.1109/EDUCON.2015.7095999
Abstract: Public protection and disaster relief (PPDR) operations are increasingly more dependent on networks and data processing infrastructure. Incidents such as natural hazards and organized crime do not respect national boundaries. As a consequence, there is an increased need for European collaboration and information sharing related to public safety communications (PSC) and information exchange technologies and procedures - and trust is the keyword here. According to our studies, the topic “trust-building” could be seen as the most important issue with regard to multi-agency PPDR cooperation. Cyber security should be seen as a key enabler for the development and maintenance of trust in the digital world. It is important to complement the currently dominating “cyber security as a barrier” perspective by emphasizing the role of “cyber security as an enabler” of new business, interactions, and services - and recognizing that trust is a positive driver for growth. Public safety infrastructure is becoming more dependent on unpredictable cyber risks. Everywhere, present computing means that PPDR agencies do not know when they are using dependable devices or services, and there are chain reactions of unpredictable risks. If cyber security risks are not made ready, PPDR agencies, like all organizations, will face severe disasters over time. Investing in systems that improve confidence and trust can significantly reduce costs and improve the speed of interaction. From this perspective, cyber security should be seen as a key enabler for the development and maintenance of trust in the digital world, and it has the following themes: security technology, situation awareness, security management and resiliency. Education is the main driver for complementing the currently dominating “cyber security as a barrier” perspective by emphasizing the role of “cyber security as an enabler”.
Keywords: computer aided instruction; computer science education; emergency management; trusted computing; PPDR operation; PSC; cross-border public protection operation; cyber security education; cybersecurity-as-a-barrier perspective; cybersecurity-as-an-enabler perspective; disaster relief operation; information exchange; multiagency PPDR cooperation; public safety communications; resiliency theme; security management theme; security technology theme; situation awareness theme; trust building; Computer security; Education; Europe; Organizations; Safety; Standards organizations; cyber security; education; public protection and disaster relief; trust-building (ID#: 15-7721)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7095999&isnumber=7095933
Gestwicki, P.; Stumbaugh, K., “Observations and Opportunities in Cybersecurity Education Game Design,” in Computer Games: AI, Animation, Mobile, Multimedia, Educational and Serious Games (CGAMES), 2015, vol., no., pp. 131–137, 27–29 July 2015. doi:10.1109/CGames.2015.7272970
Abstract: We identify three challenges in cybersecurity education that could be addressed through game-based learning: conveying cybersecurity fundamentals, assessment of understanding, and recruitment and retention of professionals. By combining established epistemologies for cybersecurity with documented best practices for educational game design, we are able to define four research questions about the state of cybersecurity education games. Our attention is focused on games for ages 12-18 rather than adult learners or professional development. We analyze 21 games through the lens of our four research questions, including games that are explicitly designed to teach cybersecurity concepts as well as commercial titles with cybersecurity themes; in the absence of empirical evidence of these games’ efficacy, our analysis frames these games within educational game design theory. This analysis produces a three-tier taxonomy of games: those whose gameplay is not associated with cybersecurity education content (Type 1); those that integrate multiple-choice decisions only (Type 2); and those that integrate cybersecurity objectives into authentic gameplay activity (Type 3). This analysis reveals opportunities for new endeavors to incorporate multiple perspectives and to scaffold learners progression from the simple games to the more complex simulations.
Keywords: computer aided instruction; computer games; security of data; authentic gameplay activity; cybersecurity education content; cybersecurity education game design; cybersecurity fundamentals; cybersecurity objectives; cybersecurity themes; educational game design theory; game three-tier taxonomy; game-based learning; learners progression; multiple-choice decisions; professionals recruitment; professionals retention; Computer crime; Computers; Education; Games; Taxonomy; cybersecurity education; educational games; game analysis; game design (ID#: 15-7722)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7272970&isnumber=7272892
Mirkovic, Jelena; Dark, Melissa; Wenliang Du; Vigna, Giovanni; Denning, Tamara, “Evaluating Cybersecurity Education Interventions: Three Case Studies,” in Security & Privacy, IEEE, vol. 13, no. 3, pp. 63–69, May–June 2015. doi:10.1109/MSP.2015.57
Abstract: The authors collaborate with cybersecurity faculty members from different universities to apply a five-step approach in designing an evaluation for education interventions. The goals of this exercise were to show how to design an evaluation for a real intervention from beginning to end, to highlight the common intervention goals and propose suitable evaluation instruments, and to discuss the expected investment of time and effort in preparing and performing the education evaluations.
Keywords: computer science education; educational institutions; security of data; cybersecurity education interventions; education evaluations; universities; Computer security; Education; Performance evaluation; Sociology; control-alt-hack; cybersecurity education; education intervention; evaluation design; iCTF; intervention evaluation; security; seed labs (ID#: 15-7723)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7118092&isnumber=7118073
Geoffrey L. Herman, Ronald Dodge; “Creating Assessment Tools for Cybersecurity Education,” (Abstract Only), in SIGCSE’15 Proceedings of the 46th ACM Technical Symposium on Computer Science Education, February 2015, Pages 696–696.
doi:10.1145/2676723.2691863
Abstract: Recent large-scale data breaches such as the credit card scandals of Target and Home Depot have significantly raised the public awareness of the importance of the security of their data and personal information. These incidents highlight a growing need and urgency to develop the cybersecurity infrastructure of our country and in the world. The development of ACM’s Computer Science Curriculum 2013 and the National Initiative for Cybersecurity Education framework further highlight the growing importance of cybersecurity in computing education. Critically, recent studies predict that there will be a significant demand for cybersecurity professionals in the coming years, yet there is a lack of rigorous evidence-based infrastructure to advise educators on how best to engage, inform, educate, nurture, and retain cybersecurity students and how best to structure cybersecurity curricula to prepare new professionals for careers in this field. The development of validated assessment tools of student learning provide one means for increasing the rigor with which we make pedagogical and curricular decisions. During this Birds of a Feather session, participants will engage in a structured dialogue to identify what assessment tools are needed to improve cybersecurity education. Further, participants will provide feedback on initial efforts to identify a core set of concepts and skills that will be essential for students’ success in cybersecurity fields.
Keywords: assessment, computer science education, concept inventories, cybersecurity (ID#: 15-7724)
URL: http://doi.acm.org/10.1145/2676723.2691863
Christopher Herr, Dennis Allen; “Video Games as a Training Tool to Prepare the Next Generation of Cyber Warriors,” in SIGMIS-CPR ’15 Proceedings of the 2015 ACM SIGMIS Conference on Computers and People Research, June 2015,
Pages 23–29. doi:10.1145/2751957.2751958
Abstract: There is a global shortage of more than 1 million skilled cybersecurity professionals needed to address current cybersecurity challenges [5]. Criminal organizations, nation-state adversaries, hacktavists, and numerous other threat actors continuously target business, government, and even critical infrastructure networks. Estimated losses from cyber crime and cyber espionage amount to hundreds of billions annually [4]. The need to build, maintain, and defend computing resources is greater than ever before. A novel approach to closing the cybersecurity workforce gap is to develop cutting-edge cybersecurity video games that (1) grab the attention of young adults, (2) build a solid foundation of information security knowledge and skills, (3) inform players of potential career paths, and (4) establish a passion that drives them through higher education and professional growth. Although some video games and other games do exist, no viable options are available that target high-school-age students and young adults that supply both a quality gaming experience and foster the gain of key cybersecurity knowledge and skills. Given the Department of Defense’s success with simulations and gaming technology, its sponsorship of a cybersecurity video game could prove extremely valuable in addressing the current and future needs for our next generation cyber warriors.
Keywords: cybersecurity education, cybersecurity game based learning, cybersecurity games, video games, video gaming (ID#: 15-7725)
URL: http://doi.acm.org/10.1145/2751957.2751958
Diana L. Burley, Barbara Endicott-Popovsky; “Focus Group: Developing a Resilient, Agile Cybersecurity Educational System (RACES),” in SIGMIS-CPR ’15 Proceedings of the 2015 ACM SIGMIS Conference on Computers and People Research, June 2015, Pages 13–14. doi:10.1145/2751957.2756530
Abstract: (not provided)
Keywords: accreditation, cybersecurity, it workforce (ID#: 15-7726)
URL: http://doi.acm.org/10.1145/2751957.2756530
Edward Sobiesk, Jean Blair, Gregory Conti, Michael Lanham, Howard Taylor; “Cyber Education: A Multi-Level, Multi-Discipline Approach,” in SIGITE ’15 Proceedings of the 16th Annual Conference on Information Technology Education, September 2015, Pages 43–47. doi:10.1145/2808006.2808038
Abstract: The purpose of this paper is to contribute to the emerging dialogue on the direction, content, and techniques involved in cyber education. The principle contributions of this work include a discussion on the definition of cyber and then a description of a multi-level, multi-discipline approach to cyber education with the goal of providing all educated individuals a level of cyber education appropriate for their role in society. Our work assumes cyber education includes technical and non-technical content at all levels. Our model formally integrates cyber throughout an institution’s entire curriculum including within the required general education program, cyber-related electives, cyber threads, cyber minors, cyber-related majors, and cyber enrichment opportunities, collectively providing the foundational knowledge, skills, and abilities needed to succeed in the 21st Century Cyber Domain. To demonstrate one way of instantiating our multi-level, multi-discipline approach, we describe how it is implemented at our institution. Overall, this paper serves as a call for further discussion, debate, and effort on the topic of cyber education as well as describing our innovative model for cyber pedagogy.
Keywords: cyber, cyber education paradigm, cyber security, multi-discipline cyber education, multi-level cyber education
(ID#: 15-7727)
URL: http://doi.acm.org/10.1145/2808006.2808038
Daniel Manson, Portia Pusey, Mark J. Hufe, James Jones, Daniel Likarish, Jason Pittman, David Tobey,” The Cybersecurity Competition Federation,” in SIGMIS-CPR ’15 Proceedings of the 2015 ACM SIGMIS Conference on Computers and People Research, June 2015, Pages 109–112. doi:10.1145/2751957.2751980
Abstract: In a time of global crisis in cybersecurity, competitions and related activities are rapidly emerging to provide fun and engaging ways of developing and assessing cybersecurity knowledge and skills. However, there is no neutral organization that brings them together to promote collective efforts and address common issues. This paper will describe the rationale and process for developing the Cybersecurity Competition Federation (CCF) (National Science Foundation Award DUE- 134536) which was created to facilitate a community that promotes cybersecurity competitions and related activities. CCF’s vision is to maintain an engaged and thriving ecosystem of cybersecurity competitions and related activities to build career awareness and cybersecurity skill to address a global shortage of cybersecurity professionals.
Keywords: aptitude, competency model, critical incident, cyber defense competition, game balance, job performance model, ksa, talent management, vignette (ID#: 15-7728)
URL: http://doi.acm.org/10.1145/2751957.2751980
Sandro Fouché, Andrew H. Mangle; “Code Hunt as Platform for Gamification of Cybersecurity Training,” in CHESE 2015 Proceedings of the 1st International Workshop on Code Hunt Workshop on Educational Software Engineering, July 2015,
Pages 9–11. doi:10.1145/2792404.2792406
Abstract: The nation needs more cybersecurity professionals. Beyond just a general shortage, women, African Americans, and Latino Americans are underrepresented in the field. This not only contributes to the scarcity of qualified cybersecurity professionals, but the absence of diversity leads to a lack of perspective and differing viewpoints. Part of the problem is that cybersecurity suffers from barriers to entry that include expensive training, exclusionary culture, and the need for costly infrastructure. In order for students to start learning about cybersecurity, access to training, infrastructure and subject matter experts is imperative. The existing Code Hunt framework, used to help students master programming, could be a springboard to help reduce the challenges facing students interested in cybersecurity. Code Hunt offers gamification, community supported development, and a cloud infrastructure that provides an on-ramp to immediate learning. Leveraging Code Hunt’s structured gaming model can addresses these weaknesses and makes cybersecurity training more accessible to those without the means or inclination to participate in more traditional cybersecurity competitions.
Keywords: Cybersecurity, Education, Gamification, Software Testing (ID#: 15-7729)
URL: http://doi.acm.org/10.1145/2792404.2792406
Craig A. Stewart, Timothy M. Cockerill, Ian Foster, David Hancock, Nirav Merchant, Edwin Skidmore, Daniel Stanzione, James Taylor, Steven Tuecke, George Turner, Matthew Vaughn, Niall I. Gaffney; “Jetstream: A Self-Provisioned, Scalable Science and Engineering Cloud Environment,” in XSEDE ’15 Proceedings of the 2015 XSEDE Conference: Scientific Advancements Enabled by Enhanced Cyberinfrastructure, July 2015, Article No. 29. doi:10.1145/2792745.2792774
Abstract: Jetstream will be the first production cloud resource supporting general science and engineering research within the XD ecosystem. In this report we describe the motivation for proposing Jetstream, the configuration of the Jetstream system as funded by the NSF, the team that is implementing Jetstream, and the communities we expect to use this new system. Our hope and plan is that Jetstream, which will become available for production use in 2016, will aid thousands of researchers who need modest amounts of computing power interactively. The implementation of Jetstream should increase the size and disciplinary diversity of the US research community that makes use of the resources of the XD ecosystem.
Keywords: atmosphere, big data, cloud computing, long tail of science (ID#: 15-7730)
URL: http://doi.acm.org/10.1145/2792745.2792774
Richard S. Weiss, Stefan Boesen, James F. Sullivan, Michael E. Locasto, Jens Mache, Erik Nilsen; “Teaching Cybersecurity Analysis Skills in the Cloud,” in SIGCSE ’15 Proceedings of the 46th ACM Technical Symposium on Computer Science Education, February 2015, Pages 332–337. doi:10.1145/2676723.2677290
Abstract: This paper reports on the experience of using the EDURange framework, a cloud-based resource for hosting on-demand interactive cybersecurity scenarios. Our framework is designed especially for the needs of teaching faculty. The scenarios we have implemented each are designed specifically to nurture the development of analysis skills in students as a complement to both theoretical security concepts and specific software tools. Our infrastructure has two features that make it unique compared to other cybersecurity educational frameworks. First, EDURange is scalable because it is hosted on a commercial, large-scale cloud environment. Second, EDURange supplies instructors with the ability to dynamically change the parameters and characteristics of exercises so they can be replayed and adapted to multiple classes. Our framework has been used successfully in classes and workshops for students and faculty. We present our experiences building the system, testing it, and using feedback from surveys to improve the system and boost user interest.
Keywords: analysis skills, edurange, hacker curriculum, offensive security (ID#: 15-7731)
URL: http://doi.acm.org/10.1145/2676723.2677290
Indira R. Guzman, Thomas Hilton, Miguel (Mike) O. Villegas, Michelle Kaarst-Brown, Jason James, Ashraf Shirani, Shuyuan Mary Ho, Diane Lending; “Panel: Cybersecurity Workforce Development,” in SIGMIS-CPR ’15 Proceedings of the 2015 ACM SIGMIS Conference on Computers and People Research, June 2015, Pages 15–17. doi:10.1145/2751957.2756529
Abstract: Information Officers (NASCIO) in the United States the number one strategic management priority in 2014 is security. It is therefore imperative for managers to have qualified IT security professionals in order to effectively secure the network infrastructure, protect information, diagnose and manage attacks remediating damage or losses and preparing for disaster recovery to prevent future security attacks. A single cyber security breach can cost a company hundreds of thousands of dollars. This increase in losses indicates that IT professionals have increased responsibilities in IT security within organizations. In this panel, we will discuss the range of factors that influence the development the cybersecurity workforce, the role that different stakeholders play to ensure IT security professionals are well qualified and have the necessary skills that they should have in order to perform an effective job of securing the network infrastructure of an organization (. In addition, we will share different strategies for addressing development needs of this increasingly needed cybersecurity workforce.
Keywords: accreditation, cybersecurity workforce, information security professionals, panel, professional certificates (ID#: 15-7732)
URL: http://doi.acm.org/10.1145/2751957.2756529
Note:
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.