loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

An Approach to Train and Evaluate the Cybersecurity Skills of Participants in Cyber Ranges based on Cyber-Risk Models

Topics: Cloud Computing; Complex Systems; Cybersecurity Technologies; Real-Time Systems; Risk Management; Software as a Service; Testing and Testability; Web Systems and Applications; Web Technologies

Authors: Gencer Erdogan 1 ; Åsmund Hugo 1 ; Antonio Romero 2 ; Dario Varano 3 ; Niccolò Zazzeri 4 and Anže Žitnik 5

Affiliations: 1 Software and Service Innovation, SINTEF Digital, Oslo, Norway ; 2 Research & Innovation, Atos, Seville, Spain ; 3 Department of Information Engineering, University of Pisa, Pisa, Italy ; 4 Trust-IT Services, Pisa, Italy ; 5 XLAB, Ljubljana, Slovenia

Keyword(s): Cyber Range, Cybersecurity, Cyber-risk Models, Training Scenario, Exercise, Evaluation, Real-time, White Team, Green Team, Blue Team, Red Team.

Abstract: There is an urgent need for highly skilled cybersecurity professionals, and at the same time there is an awareness gap and lack of integrated training modules on cybersecurity related aspects on all school levels. In order to address this need and bridge the awareness gap, we propose a method to train and evaluate the cybersecurity skills of participants in cyber ranges based on cyber-risk models. Our method consists of five steps: create cyber-risk model, identify risk treatments, setup training scenario, run training scenario, and evaluate the performance of participants. The target users of our method are the White Team and Green Team who typically design and execute training scenarios in cyber ranges. The output of our method, however, is an evaluation report for the Blue Team and Red Team participants being trained in the cyber range. We have applied our method in three large scale pilots from academia, transport, and energy. Our initial results indicate that the method is easy to use and comprehensible for training scenario developers (White/Green Team), develops cyber-risk models that facilitate real-time evaluation of participants in training scenarios, and produces useful feedback to the participants (Blue/Red Team) in terms of strengths and weaknesses regarding cybersecurity skills. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 3.238.90.95

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Erdogan, G.; Hugo, Å.; Romero, A.; Varano, D.; Zazzeri, N. and Žitnik, A. (2020). An Approach to Train and Evaluate the Cybersecurity Skills of Participants in Cyber Ranges based on Cyber-Risk Models. In Proceedings of the 15th International Conference on Software Technologies - ICSOFT, ISBN 978-989-758-443-5; ISSN 2184-2833, pages 509-520. DOI: 10.5220/0009892105090520

@conference{icsoft20,
author={Gencer Erdogan. and Åsmund Hugo. and Antonio Romero. and Dario Varano. and Niccolò Zazzeri. and Anže Žitnik.},
title={An Approach to Train and Evaluate the Cybersecurity Skills of Participants in Cyber Ranges based on Cyber-Risk Models},
booktitle={Proceedings of the 15th International Conference on Software Technologies - ICSOFT,},
year={2020},
pages={509-520},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0009892105090520},
isbn={978-989-758-443-5},
issn={2184-2833},
}

TY - CONF

JO - Proceedings of the 15th International Conference on Software Technologies - ICSOFT,
TI - An Approach to Train and Evaluate the Cybersecurity Skills of Participants in Cyber Ranges based on Cyber-Risk Models
SN - 978-989-758-443-5
IS - 2184-2833
AU - Erdogan, G.
AU - Hugo, Å.
AU - Romero, A.
AU - Varano, D.
AU - Zazzeri, N.
AU - Žitnik, A.
PY - 2020
SP - 509
EP - 520
DO - 10.5220/0009892105090520