• 7. References
  • Design Insider Threat Hands-on Labs




    Download 347,92 Kb.
    Pdf ko'rish
    bet9/10
    Sana17.05.2024
    Hajmi347,92 Kb.
    #240858
    1   2   3   4   5   6   7   8   9   10
    6. Conclusions
    In this paper, preliminary results are shown and concepts of insider threat are fundamentals of security education. Those hand-
    on labs are promising and helping students to master those basic insider threat issues. After students completed labs they
    should understand, remember and know how to apply insider threat concepts. Students exposed to those labs should show
    increased ability to handle and address specific insider threat issues. This approach can be replicated over time and more
    empirical evidences will be gained via continuing to insert insider threat concepts into information assurance curriculum. More
    importantly this paper study provides a theoretical and pragmatic foundation for further basic curriculum in training future


    Information Security Education Journal Volume 2 Number 1 June 2015
    41
    employees in identifying cyber threat in early stages, and broadens our ability to protect information systems and cyber-
    infrastructure against user-centric cyber threats.
    It is difficult to detect internal threats within an organization. The trend of “Bring Your Own Device” (BYOD) and the increasing
    development of cloud computing environments have increased the risks of malice data leakage. Additional hands-on labs based
    on cloud computing are in demand in real-world as well.
    7. References
    [1] Cappos, J., Weiss, R. (2014, March). Teaching the security mindset with reference monitors. In SIGCSE (p. 523-528).
    [2] Cone, B. D., Irvine, C. E., Thompson, M. F., Nguyen, T. D. (2007). A video game for cyber security training and awareness.
    computers& security
    , 26 (1), 63-72.
    [3] Chi, H., Jones, E. L., Brown, J. (2013, October). Teaching Secure Coding Practices to STEM Students. 
    In
    : Proceedings of the
    2013 on InfoSecCD’13:
     Information Security Curriculum Development Conference 
    (p. 42). ACM.
    [4] Claycomb, W. R., Huth, C. L., Flynn, L., McIntire, D. M., Lewellen, T. B., Center, C. I. T. (2012). Chronological examination of
    insider threat sabotage: preliminary observations. Journal of Wireless Mobile Networks, 
    Ubiquitous Computing, and Dependable
    Applications
    , 3 (4), 4-20.
    [5] Crawford, M., Peterson, G. (2013, January). Insider Threat Detection using Virtual Machine Introspection. 
    In
    : System Sciences
    (HICSS), 2013 46
    th
    Hawaii International Conference on (p. 1821-1830). IEEE.
    [6] Du, W. (2011). SEED: hands-on lab exercises for computer security education. Security & Privacy, IEEE, 9 (5), 70-73.
    [7] Farahmand, F., Spafford, E. H. (2013). Understanding insiders: An analysis of risk-taking behavior. Information Systems
    Frontiers, 15(1), 5-15.
    [8] Greitzer, F. L., Ferryman, T. A. (2013, May). Methods and Metrics for Evaluating Analytic Insider Threat Tools. In: 
    Security and
    Privacy Workshops
    (SPW), 2013 IEEE (p. 90-97). IEEE.
    [9] Guo, M., Bhattacharya, P., Yang, M., Qian, K., Yang, L. (2013, March). Learning mobile security with android security labware.
    In Proceeding of the 44
    th
    ACM technical symposium on Computer science education (p. 675-680). ACM.
    [10] Jones, J., Yuan, X., Carr, E., Yu, H. (2010, March). A comparative study of CyberCIEGE game and Department of Defense
    Information Assurance Awareness video. In IEEE SoutheastCon 2010 (SoutheastCon), 
    In
    : Proceedings of the (p. 176-180). IEEE.
    [11] Mirkovic, J., Benzel, T. (2012). Teaching cybersecurity with DeterLab. Security & Privacy, IEEE, 10 (1), 73-76.
    [12] Tao, L., Chen, L. C., Lin, C. (2010). Virtual Open-Source Labs for Web Security Education. 
    In
    : Proceedings of the World
    Congress on Engineering and Computer Science 
    (1).
    [13] Simmons, M., Chi, H. (2012, October). Designing and implementing cloud-based digital forensics hands-on labs. 
    In
    : Proceedings
    of the 2012 
    Information Security Curriculum Development Conference 
    (p. 69-74). ACM.
    [14] Young, W. T., Goldberg, H. G., Memory, A., Sartain, J. F., Ted, E. (2013). Use of Domain Knowledge to Detect Insider Threats
    in Computer Activities. In Security and Privacy Workshops (SPW), 2013 IEEE (p. 60-67). IEEE.
    [15] Zeng, H. (2013, June). Research on Developing a Lab Environment for Cookie Spoofing Attack and Defense Education. In
    Computational and Information Sciences (ICCIS), 2013 Fifth International Conference on (p. 1979-1982). IEEE.
    [16] CERT Coordination Center (CERT/CC): 
    http://www.cert.org/

    Download 347,92 Kb.
    1   2   3   4   5   6   7   8   9   10




    Download 347,92 Kb.
    Pdf ko'rish