loading
Documents

Research.Publish.Connect.

Paper

Authors: Gencer Erdogan 1 ; Åsmund Hugo 1 ; Antonio Romero 2 ; Dario Varano 3 ; Niccolò Zazzeri 4 and Anže Žitnik 5

Affiliations: 1 Software and Service Innovation, SINTEF Digital, Oslo, Norway ; 2 Research & Innovation, Atos, Seville, Spain ; 3 Department of Information Engineering, University of Pisa, Pisa, Italy ; 4 Trust-IT Services, Pisa, Italy ; 5 XLAB, Ljubljana, Slovenia

ISBN: 978-989-758-443-5

Keyword(s): Cyber Range, Cybersecurity, Cyber-risk Models, Training Scenario, Exercise, Evaluation, Real-time, White Team, Green Team, Blue Team, Red Team.

Abstract: There is an urgent need for highly skilled cybersecurity professionals, and at the same time there is an awareness gap and lack of integrated training modules on cybersecurity related aspects on all school levels. In order to address this need and bridge the awareness gap, we propose a method to train and evaluate the cybersecurity skills of participants in cyber ranges based on cyber-risk models. Our method consists of five steps: create cyber-risk model, identify risk treatments, setup training scenario, run training scenario, and evaluate the performance of participants. The target users of our method are the White Team and Green Team who typically design and execute training scenarios in cyber ranges. The output of our method, however, is an evaluation report for the Blue Team and Red Team participants being trained in the cyber range. We have applied our method in three large scale pilots from academia, transport, and energy. Our initial results indicate that the method is easy t o use and comprehensible for training scenario developers (White/Green Team), develops cyber-risk models that facilitate real-time evaluation of participants in training scenarios, and produces useful feedback to the participants (Blue/Red Team) in terms of strengths and weaknesses regarding cybersecurity skills. (More)

PDF ImageFull Text

Download
CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 3.238.147.211

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Erdogan, G.; Hugo, Å.; Romero, A.; Varano, D.; Zazzeri, N. and Žitnik, A. (2020). An Approach to Train and Evaluate the Cybersecurity Skills of Participants in Cyber Ranges based on Cyber-Risk Models.In Proceedings of the 15th International Conference on Software Technologies - Volume 1: ICSOFT, ISBN 978-989-758-443-5, pages 509-520. DOI: 10.5220/0009892105090520

@conference{icsoft20,
author={Gencer Erdogan. and Åsmund Hugo. and Antonio Álvarez Romero. and Dario Varano. and Niccolò Zazzeri. and Anže Žitnik.},
title={An Approach to Train and Evaluate the Cybersecurity Skills of Participants in Cyber Ranges based on Cyber-Risk Models},
booktitle={Proceedings of the 15th International Conference on Software Technologies - Volume 1: ICSOFT,},
year={2020},
pages={509-520},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0009892105090520},
isbn={978-989-758-443-5},
}

TY - CONF

JO - Proceedings of the 15th International Conference on Software Technologies - Volume 1: ICSOFT,
TI - An Approach to Train and Evaluate the Cybersecurity Skills of Participants in Cyber Ranges based on Cyber-Risk Models
SN - 978-989-758-443-5
AU - Erdogan, G.
AU - Hugo, Å.
AU - Romero, A.
AU - Varano, D.
AU - Zazzeri, N.
AU - Žitnik, A.
PY - 2020
SP - 509
EP - 520
DO - 10.5220/0009892105090520

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.