  • Design Insider Threat Hands-on Labs




    2. Training Tools
    CyberCIEGE (http://cisr.nps.edu/cyberciege/) covers over 20 game scenarios that address a variety of security concepts.
    CyberCIEGE is built around the Scenario Definition Language (SDL) that lets the player create and customize the game scenarios.
    Game designers are responsible for creating the scenarios using the Scenario Development Kit (SDK). After they build them,
    scenarios are compiled and an SDL is generated. This SDL is the one that will be used by the CyberCIEGE game engine
    (Cone et al., 2007).
    There are two principal roles to be filled in the use of the CyberCIEGE tool - a scenario designer and a player. The player is the
    trainee and the scenario designer is the one designing and developing the training module.
    During initial setup of the tool, a lab will be created by a scenario designer. This designer will lay out the starting settings in a
    virtual company. Starting settings are the number and credentials of virtual users, the initial hardware, software, security
    mechanisms, and policies that are put in place. The initial assets and their corresponding values will be determined by the
    scenario designer as well. The importance of a particular asset to the company determines that asset’s value as well as the level of
    protection mechanism put in place for that asset. Attackers will almost always go after the most valuable information asset.
    Another very important part of the scenario designer's setup is to engineer the attack(s) within the module.


    Information Security Education Journal Volume 2 Number 1 June 2015
    Figure 1. Insider Threat Training Overview
    The player (a network security specialist, security manager, etc.) will be in charge of giving virtual users access to assets to keep
    them productive but also needs to put security mechanisms in place in order to avoid attacks. The player has to keep a balance
    between productivity and security, and also protect against attacks without overwhelming the users with too many security
    mechanisms. The player’s actions are the ones that will counteract or allow an attack to happen. These actions are: password
    management, zones and methods of physically protecting assets, network filters, operating system and application patching,
    basic key management, encryption and PKI, use of SSL and TLS, user identity, mandatory access controls, etc. By the end of a
    game session a log will be generated detailing the player’s actions.
    These are some of the capabilities provided by CyberCIEGE that this study will attempt to use in a module that trains
    and educates users on how to detect and control insider threat attacks and implement defense mechanisms
    against them. The intended audiences are mainly information assurance students, cyber security professionals, computer
    security specialists, and also any user who needs training in this area. An overview of this study can be seen in Figure 1.
    As stated before, the scenario will be built using the 3D gaming-like tool called CyberCIEGE, which has been proven very useful
    in active learning and internalization of knowledge by students and professionals in the United States. CyberCIEGE has been used
    by the U.S. Navy, Army, Air Force, Marines and other Federal Government officers and employees. It has also been used in
    colleges and schools. CyberCIEGE is similar to Sims, the popular resource management game. In the same fashion as resources
    are managed in Sims, resources are managed in CyberCIEGE. Where in Sims those resources are city infrastructure, in CyberCIEGE
    resources are hardware, software, and security policies to be put in place, or reinforced if they already exist, with the purpose of
    detecting and eliminating cyber threat attacks. Trainees can play the game as many times as needed until they internalize the
    knowledge and become acclimated to the scenarios of the game. The aim is to train players so they can use these information
    security skills in real-world scenarios when faced with these threat situations. There are many different pre-programmed
    scenarios in CyberCIEGE including stop worms, life with macros, identity theft, etc., but there’s no pre-existing scenario
    specifically tailored towards insider threats.
    There are multimedia-online tools aimed at teaching cyber security (Du, 2010; Guo et al., 2013). These tools are very different
    from the traditional classroom setting. For example, one of these tools is the Next Generation Security Game, which is an
    internet-based game that has eleven sequential levels that the student or trainee needs to go through. These levels are challenging
    scenarios presented to the player, and he/she needs to solve each challenge in order to reach the next level. There’s another tool
    called CyberProtect, developed by US DoD’s Defense Information Systems Agency (DISA) in conjunction with several
    entertainment software companies. The purpose of these games is to entertain but most importantly teach security concepts to
    professional workers. Another training program is called Department of Defense Information Assurance Awareness Video
    (DoDIAA). Both CyberProtect and DoDIAA are for DoD employees. There are studies where comparisons have been made
    between these online, interactive, 3-dimensional games and the traditional classroom setup. The conclusions are that these
    interactive games are better in achieving the purpose of teaching and internalizing the knowledge by the student (Jones
