Addressing Emerging Information Security Personnel Needs. A Look at Competitions in Academia: Do Cyber Defense Competitions Work?
This paper is part of a proposed study that looks at the emerging information security personnel needs of organizations. We are attempting to explore the correlation between components of a regional cyber defense competition and an organization’s needs in terms of employing adequately trained information security personnel. We look to identify some unique characteristics of a regional academic cyber defense competition via the critical success factors method.
AiCEF: An AI-assisted Cyber Exercise Content Generation Framework Using Named Entity Recognition
Content generation that is both relevant and up to date with the current threats of the target audience is a critical element in the success of any Cyber Security Exercise (CSE). Through this work, we explore the results of applying machine learning techniques to unstructured information sources to generate structured CSE content. The corpus of our work is a large dataset of publicly available cyber security articles that have been used to predict future threats and to form the skeleton for new exercise scenarios. Machine learning techniques, like named entity recognition (NER) and topic extraction, have been utilised to structure the information based on a novel ontology we developed, named Cyber Exercise Scenario Ontology (CESO). Moreover, we used clustering with outliers to classify the generated extracted data into objects of our ontology. Graph comparison methodologies were used to match generated scenario fragments to known threat actors' tactics and help enrich the proposed scenario accordingly with the help of synthetic text generators. CESO has also been chosen as the prominent way to express both fragments and the final proposed scenario content by our AI-assisted Cyber Exercise Framework (AiCEF). Our methodology was put to the test by providing a set of generated scenarios for evaluation to a group of experts to be used as part of a real-world awareness tabletop exercise.
Guidelines for cybersecurity education campaigns
In our technology- and information-infused world, cyberspace is an integral part of modern-day society. As the number of active cyberspace users increases, so too do the chances of a cyber threat finding a vulnerable target. All cyber users who are exposed to cyber risks need to be educated about cyber security. Human beings play a key role in the implementation and governing of an entire cybersecurity and cybersafety solution. The effectiveness of any cybersecurity and cybersafety solutions in a societal or individual context is dependent on the human beings involved in the process. If these human beings are either unaware or not knowledgeable about their roles in the security solution they become the weak link in these cybersecurity solutions. It is essential that all users be educated to combat any threats. Children are a particularly vulnerable subgroup within society. They are digital natives and make use of ICT and online services with increasing frequency, but this does not mean they are knowledgeable about or behaving securely in their cyber activities. Children will be exposed to cyberspace throughout their lifetimes. Therefore, cybersecurity and cybersafety should be taught to children as a life-skill. There is a lack of well-known, comprehensive cybersecurity and cybersafety educational campaigns which target school children. Most existing information security and cybersecurity education campaigns limit their scope. Literature reports mainly on education campaigns focused on primary businesses, government agencies and tertiary education institutions. Additionally, most guidance for the design and implementation of security and safety campaigns is for an organisational context, only targets organisational users, and mostly provides high-level design recommendations. This thesis addressed the lack of guidance for designing and implementing cybersecurity and cybersafety educational campaigns suited to school learners as a target audience.
The thesis aimed to offer guidance for designing and implementing education campaigns that educate school learners about cybersecurity and cybersafety. This was done through the implementation of an action research process over a five-year period. The action research process involved cybersecurity and cybersafety educational interventions at multiple schools. A total of 18 actionable guidelines were derived from this research to guide the design and implementation of cybersecurity and cybersafety education campaigns which aim to educate school children.
A brain-compatible approach to the presentation of cyber security educational material
Information is an extremely important asset in modern society. It is used in most daily activities and transactions, and, thus, the importance of information is acknowledged by both organisational and private home information users. Unfortunately, as with any asset, there are often threats to this asset and, therefore, an information security solution is required to protect information against potential threats. Human beings play a major role in the implementation and governing of an entire information security process and, therefore, they have responsibilities in this regard. Thus, the effectiveness of any information security solutions in either an organisational or a private context is dependent on the human beings involved in the process. Accordingly, if these human beings are either unaware or not knowledgeable about their roles in the security solution they become the weak link in the information security solutions and, thus, it is essential that all these information users be educated in order to combat any threats to the information security. Many of the current information security education programmes and materials are not effective, possibly because the majority of these current approaches have been designed without using a sound pedagogical theory. In addition, many of these programmes also only target organisational users. This, in turn, is problematic as information security education is required by everybody, organisational and private information users alike. This dissertation addressed the lack of a pedagogical basis in the designing of information security educational courses suited to an extremely broad target audience. Accordingly, the dissertation set out to demonstrate how a pedagogy, which is broadly used and accepted for a diverse target audience of learners, could be applied to the design of the presentation of a web-based cyber security educational course.