36
Information Security Education Journal Volume 2 Number 1 June 2015
Figure 1. Insider Threat Training Overview
The player (a network security specialist, security manager, etc.) will be in charge of giving virtual users access to assets to keep
them productive but also needs to put security mechanisms in place in order to avoid attacks. The player has to keep a balance
between productivity and security, and also protect against attacks without overwhelming the users with too many security
mechanisms. The player’s actions are the ones that will counteract or allow an attack to happen. These actions are: password
management, zones and methods of physically protecting assets, network filters, operating system and application patching,
basic key management, encryption and PKI, use of SSL and TLS, user identity, mandatory access controls, etc. By the end of a
game session a log will be generated detailing the player’s actions.
These are some of the capabilities provided by CyberCIEGE and that this study will attempt to use with the purpose of training
and educating through this module on how to detect and control insider threat attacks and implement defense mechanisms
against them. The intended audiences are mainly information assurance students, cyber security professionals, computer
security specialists, and also any user who need training in this area. An overview of this study can be seen in Figure1.
As stated before, the scenario will be built using the 3D gaming-like tool called CyberCIEGE that has been proven very useful
in active learning and internalization of knowledge by students and professionals in United States. CyberCIEGE has been used
by the U.S. Navy, Army, Air Force, Marines and other Federal Government officers and employees. It has also been used in
colleges and schools. CyberCIEGE is similar to Sims, the popular resource management game. In the same fashion as resources
are managed in Sims, resources are managed in CyberCIEGE. Where in Sims those resources are city infrastructure, in CyberCIEGE
resources are hardware, software, and security policies to be put in place, or reinforced if already existent, with the purpose to
detect and eliminate cyber threat attacks. Trainees can play the game as many times as needed until they internalize the
knowledge and become acclimated to the scenarios of the game. The aim is to train players so they can use these information
security skills in real world scenarios when faced with these threat situations. There are many different pre-programmed
scenarios in CyberCIEGE including stop worms, life with macros, identity theft, etc., but there’s no pre-existing scenario
specifically tailored towards insider threats.
There are multimedia-online tools aimed at teaching cyber security (Du, 2010; Guo et al., 2013). These tools are very different
from the traditional classroom setting. For example, one of these tools is the Next Generation Security Game which is an internet
based game that has eleven sequential levels that the student or trainee needs to go through. These levels are challenging
scenarios presented to the player and he/she needs to solve that challenge in order to reach the next level. There’s another tool
called CyberProtect, developed by US DoD’s Defense Information Systems Agency (DISA) in conjunction with several
entertainment software companies. The purpose of these games is to entertain but most importantly teach security concepts to
professional workers. Another training program is called Department of Defense Information Assurance Awareness Video
(DoDIAA). Both CryberProtect and DoDIAA are for DoD employees. There are studies where comparisons have been made
between this online, interactive, 3-dimemsional games and the traditional classroom setup. The conclusions are that these
interactive games are better in achieving the purpose of teaching and internalizing the knowledge by the student (Jones