CyberEscape Approach to Advancing Hard and Soft Skills in Cybersecurity Education

Incorporating gamification elements and innovative approaches in training and educational programs are promising for addressing cybersecurity knowledge gaps. Cybersecurity training should consider a combination of hard and soft skills to deal with the diversity of cyber incidents. Therefore, this research aims to investigate if soft skills such as communication and collaboration enhances students’ performance in practical task execution and if the CyberEscape approach promotes students engagement and self-efficacy. This paper presents a cybersecurity game CyberEscape based on the intervention mapping methodology previously defined in the research. A virtualised infrastructure simulating the business environment works as a hybrid escape room. Physical resources and prepared information materials complement the game to support the scenario and ensure student engagement. The work employs a multiple-methods research approach. Participants filled out questionnaires in the pre-event and post-execution phases. Additionally, the participants were involved in small group semistructured interviews. Results of the pilot study show a positive impact on student competence improvement and increased interest in cybersecurity.acceptedVersio

A semantic based framework for software regulatory compliance

Software development market is currently witnessing an increasing demand for software applications conformance with the international regime of GRC for Governance, Risk and Compliance. In this thesis, we propose a compliance requirement analysis method for early stages of software development based on a semantically-rich model, where a mapping can be established from legal and regulatory requirements relevant to system context to software system goals and contexts. This research is an attempt to address the requirement of General Data Protection Regulation (GDPR, Article 25) (European Commission) for implementation of a "privacy by design” approach as part of organizational IT-systems and processes. It requires design of data protection requirements in the development of business processes for products and services. The proposed semantic model consists of a number of ontologies each corresponding to a knowledge component within the developed framework of our approach. Each ontology is a thesaurus of concepts in the compliance and risk assessment domain related to system development along with relationships and rules between concepts that compromise the domain knowledge. The main contribution of the work presented in this paper is a novel ontology-based framework that demonstrates how description-logic reasoning techniques can be used to simulate legal reasoning requirements employed by legal professions against the description of each ontology. The semantic modelling of each component of framework can highly influence the compliance of developing software system and enables the reusability, adaptability and maintainability of these components. Through the discrete modelling of these components, the flexibility and extensibility of compliance systems will be improved. Additionally, enriching ontologies with semantic rules increases the reasoning power and helps to represent rules of laws, regulations and guidelines for compliance, also mapping, refinement and inheriting of different components from each other. This novel approach offers a pedagogically effective and satisfactory learning experience for developers and compliance officers to be trained in area of compliance and query for knowledge in this domain. This thesis offers the theoretical models, design and implementation of a compliance system in accordance with this approach