|
Design Insider Threat Hands-on Labs et al., 2007)
are the focus
of this study also noted in previous sections. There are four important milestones to focus on in order to build an effective,
coherent, and usable training module in CyberCIEGE, those are: how these attacks happen?; why they happen?; the steps that
insiders take to perform their attacks; and the inexistent defense mechanisms that the victim organization needs to implement in
the form of hardware, software and information security policies. Focus on these milestones will guide the development of the
module and training scenarios.
Passive education taught in the traditional classroom does not help students internalize and learn the security concepts taught.
The interactive teaching tools are far better than simply power point lectures where students are passively listening and learning
by doing is main active learning meth we are adopting in this project (Chi et al., 2013). CyberCIEGE SDKwill use to create hands-
on labs. This technology promotes active learning, which has been proved effective in domain-specific knowledge internalization.
This will give a higher degree of confidence that the trainee will be effective in applying his security skills in case he is faced with
a real insider threat attack. These attacks have three main purposes according to specialists from CERT: (1) destruction, (2)
misuse or corruption, and (3) theft of assets. All hands-on labs attempt to show the mechanisms that favor these attacks. These
mechanisms can be e.g., the absence of security policies at the workstation or network level. Then the trainee will apply the
corrective actions such as the creation and application of security policies to avoid these attacks.
The rest of this paper is organized as following: in Section 2, an introduction to in-depth insider threat training programs and an
overview of CyberCIEGE SDK will be provided in detail. Section 3 provides related work. Section 4 will give details of the
implementation training modules via CyberCIEGE. Section 5 will discuss a small number of student feedback and lessons we
have learned. In Section 6, conclusions will be outlined.
|
| |
