Modern Aspects of Cyber-Security Training and Continuous Adaptation of Programmes to Trainees

George Hatzivasilis,George Leftheriotis,Fulvio Frati,Fotis Oikonomou,George Tsakirakis,Ludger Goeke,George Spanoudakis,Michail Smyrlis,Torsten Hildebrandt,Hristo Koshutanski,Sotiris Ioannidis

doi:10.3390/app10165702

Abstract

Nowadays, more-and-more cyber-security training is emerging as an essential process for the lifelong personnel education in organizations, especially for those which operate critical infrastructures. This is due to security breaches on popular services that become publicly known and raise people’s security awareness. Except from large organizations, small-to-medium enterprises and individuals need to keep their knowledge on the related topics up-to-date as a means to protect their business operation or to obtain professional skills. Therefore, the potential target-group may range from simple users, who require basic knowledge on the current threat landscape and how to operate the related defense mechanisms, to security experts, who require hands-on experience in responding to security incidents. This high diversity makes training and certification quite a challenging task. This study combines pedagogical practices and cyber-security modelling in an attempt to support dynamically adaptive training procedures. The training programme is initially tailored to the trainee’s needs, promoting the continuous adaptation to his/her performance afterwards. As the trainee accomplishes the basic evaluation tasks, the assessment starts involving more advanced features that demand a higher level of understanding. The overall method is integrated in a modern cyber-ranges platform, and a pilot training programme for smart shipping employees is presented.

Highlights

IntroductionHighly interconnected systems, utilizing not just the ordinary computer technologies and the Internet of Things (IoT) and the cloud, exchange high volumes of data and user-related information [1,2]
The 4th Industrial Revolution brings the Information Society to the foreground
This section presents the main educational and pedagogical aspects of the proposed framework. This includes the incorporation of the STRIDE threat model for the analyses of the cyber-security aspects that are involved in the programme, the Bloom’s taxonomy for the classification of the learning elements, the Kolb’s learning lifecycle, and the Constructive Alignment, along with the integration of these methods in the cyber-ranges platform THREAT-ARREST [24]

Summary

Introduction

Highly interconnected systems, utilizing not just the ordinary computer technologies and the Internet of Things (IoT) and the cloud, exchange high volumes of data and user-related information [1,2]. This complex ecosystem cannot be safeguarded as the attack surface is continuously increasing, while the security of the deployed primitives is not always retained [3,4,5]. Gartner estimates that the global cyber-security awareness and training market will worth around USD 1.5 billion by 2021 [10]

Results

Discussion

Conclusion