Abstract
Digital technologies are facilitating our daily activities, and thus leading to the social transformation with the upcoming 5G communications and the Internet of Things. However, mainstream and sophisticated attacks are remaining a threat, both for individuals and organisations. Cyber Range emerges as a promising solution to effectively train people in cybersecurity aspects. A Training Programme is considered adequate only if it can adapt to the scope of the attacks they cover and if the trainees apply the learning material to the operational system. Therefore, this study introduces the model-driven CYber Range Assurance platform (CYRA). The solution allows a trainee to be trained for known and new cyber-attacks by adapting to the continuously evolving threat landscape and examines if the trainees transfer the acquired knowledge to the working environment. Furthermore, this paper presents a use case on an operational backend ICT system, showing how the CYRA platform was utilised to increase the security posture of the organisation.
Highlights
The adaptation tool first creates the training delivery parameter model and creates an alert prompting the trainer to assign to a training programme content
When the Cyber Threat and Training Preparation (CTTP) Models and Programmes adaptation tool and Sphynx’s Security Assurance Platform were utilised, one can observe that the mean CPU usage was increased to 30.5% while the memory usage remained at the same levels
Sphynx’s security assurance platform that enables customised and continuous assessment of the security and privacy of a cyber system and comprehensive risk management and (c) the CTTP models and programmes adaptation tool, a tool that covers primary forms of analysis of the impact that specific changes in some parts of the programme have on other parts and checks about the completeness and consistency of the entire specification of CTTP models and programmes when some parts of it change
Summary
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. A relevant Cyber Threat and Training Preparation (CTTP) Programme is developed and the main training is begun Throughout this process, the installed analysis mechanisms, from the initial phase, are continuously assessing wherever the trainees are applying the learned concepts in the actual system. The proposed solution has been successfully deployed in three Information and Communications Technology (ICT) domains of smart transportation, smart energy, and healthcare For each of these pilots, three complete Training Programmes have been created, namely: “security awareness” for staff with no or low-security knowledge, “edge system security administrator” for personnel that require main security knowledge concerning the setting and usage of edge systems, and “backend security manager” for security and privacy experts.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.