• Keywords : Virtual Training, Insider Threats, Hands-on lab, Information Assurance, Active Learning, CyberCIEGE Recieved
  • Design Insider Threat Hands-on Labs




    Download 347,92 Kb.
    Pdf ko'rish
    bet1/10
    Sana17.05.2024
    Hajmi347,92 Kb.
    #240858
      1   2   3   4   5   6   7   8   9   10


    34
    Information Security Education Journal Volume 2 Number 1 June 2015
    Abstract: 
    Insider threat continues to be of serious concern to governmental organizations and private companies. Vulner-
    abilities of the digital information being shared through mobile devices and Internet clouds increases exponentially due to
    IT security mechanisms not being capable of controlling what is beyond company network limits. One of the solutions could
    include providing an effective interactive framework to train future and current Information Technology security profession-
    als and regular employees who need to be aware of these threats in order to avoid being a victim of insider attacks. There are
    few hands-on labs/modules available for training current students, the future information assurance professionals. This
    paper will classify the different actors and vectors involved in these attacks focusing specifically on Information Technology
    (IT) sabotage, theft of intellectual property and insider fraud. Then, we will describe how to design virtual hands-on labs
    mainly to current or future technology security professionals. The training hands-on labs will enhance trainee’s knowledge
    and practical security skills about how to mitigate insider threat attacks. In addition, the training hands-on labs will be
    implemented via CyberCIEGE, an innovative video game and tool to educate fundamental concepts for insider threat.
    Keywords
    : Virtual Training, Insider Threats, Hands-on lab, Information Assurance, Active Learning, CyberCIEGE
    Recieved
    : 10 January 2015, Revised 8 February 2015, Accepted 15 February 2015
    © 2015 DLINE. All Rights Reserved
    1. Introduction
    The Insider Threat attacks are concerns to organizations due to its devastating consequences ranging from financial loss,
    damage of reputation, loss of Intellectual Property, etc. The fact that insiders are in many cases current or former employees,
    interns, contractors and business partners makes it more difficult to track and determine routine normal behavior from anomalous
    conduct. This paper will develop hands-on labs based on a 3D virtual SDK so that we can train students and IT professionals
    to deal or be aware of insider threats. Those modules will show players/students how to detect, prevent and remediate insider
    threat attacks. An insider threat is generally a person who has or had authorized access to an organization’s network, system, or
    data and intentionally misused that access to negatively affect the confidentiality, integrity, or availability of the organization’s
    information or information systems (CERT,n.d.).
    Insider threat attacks perpetrated against public and private institutions cost millions of dollars in losses due to theft of

    Download 347,92 Kb.
      1   2   3   4   5   6   7   8   9   10




    Download 347,92 Kb.
    Pdf ko'rish