A personalized learning theory-based cyber-security training exercise

Abstract

Current enterprises’ needs for skilled cyber-security (CS) professionals have prompted the development of diverse CS training programs and offerings. It has been noted that even though enterprise staff is now more aware of security threats, the number of successful attacks against companies has all but decreased over the years. Several criticisms were raised against current CS training offerings, which often made them inadequate, or unable to change participants’ behavior and security attitude. One of the main factors CS training programs are often not very effective is the lack of engagement or motivation of participants. This is often the result of training not being tailored to the needs or preferences of participants. In our previous work, we tackled this issue by developing a personalized learning theory-based model for developing CS training frameworks. In this work, we utilize the model to develop two CS training exercises: two game-based scenarios using the CS training video game Cyber CIEGE and one table-top team exercise. The exercises are later tested by involving a group of 12 students from the Norwegian Institute of Science and Technology (NTNU) Information Security master’s degree program. According to the results of the experiment and the feedback from the students, students felt more engaged during the exercises due to having been participants in their development process. This has in turn motivated them to continue using the training tools independently in their spare time. Further research is recommended to establish whether the training development model is adequate for different target groups, as well as better performing than other models when developing full-fledged training programs.