Cybersecurity Scenario Builder and Retrieval Toolkit
- 13 Downloads
Our ever-increasing dependence on information technology brings us to new crossroads and challenges confronting national security protection. Both private and public entities recognized these issues and are currently making progress toward addressing the problems of cybersecurity. A major component of cybersecurity, or any technical program, is effective training that could alleviate, if not eliminate, the threat imposed by the adversarial entities.
Training programs are guided by learning processes that could utilize passive and active learning strategies. While passive learning incorporates rote learning, active learning places more responsibility to students by engaging them in problem-based or case-based learning processes. The student is presented with interactive scenarios which facilitate the progression of the student toward a solution to the problem. In following the storyline, the students apply their acquired domain knowledge and critical thinking skills while receiving constructive feedback based on the decisions that they have made (Massey University of New Zealand, 2020).
Recognizing these needs, we initiated an innovative cybersecurity training and education project with the following objectives: to design, develop, test, and deploy a highly interactive, automated, and intelligent cybersecurity scenario builder and retrieval software toolkit for active cybersecurity learning; to build a virtual machine (VM) that will accompany each scenario; and to facilitate the deployment of the scenarios on a cyber range. Each scenario will be created using our novel concept: Open Virtualization Scenario.
KeywordsBloom’s taxonomy Curriculum development Cybersecurity Immersive training Learning process Scenario builder Software toolkit Student interaction Virtual machine Virtualization
This work is partially supported by the Florida Center for Cybersecurity under Grant Number 3901-1009-00-A (2019 Collaborative SEED Program) and the National Security Agency under Grant Number H98230-19-1-0333. The US Government is authorized to reproduce and distribute reprints notwithstanding any copyright notation herein.
- 1.G. Francia, G. Randall, J. Snellen, Pedagogical resources for industrial control systems security: Design, implementation, conveyance, and evaluation. Journal of Cybersecurity Education Research and Practice 1, 2017 (2017)Google Scholar
- 3.Towson University. NSA NCCP National Cybersecurity Curriculum Program (2019). https://www.clark.center/c/nccp. Accessed 30 Jan 2020
- 5.G. Francia, J. Snellen, G. Richards, Laboratory exercises to accompany industrial control and embedded systems security curriculum modules, in Cybersecurity and Privacy in Cyber Physical Systems, (CRC Press, Taylor and Francis Group, 2019)Google Scholar
- 6.G. Francia, J. Snellen, Embedded and control systems security project. Information Security Education Journal 1(2), 77–84 (2014)Google Scholar
- 7.Idaho National Laboratory, Critical Infrastructure Protection Training (Idaho National Laboratory, 2020). https://inl.gov/critical-infrastructure-protection-training/. Accessed 30 Jan 2020
- 8.Cyber Security Education Consortium (CSEC). Oklahoma Center for Information Assurance and Forensics Education (OCIAFE) (2017). https://atecentral.net/r3800/. Accessed 30 Jan 2020
- 9.SANS, "SANS," SANS, 2020. https://www.sans.org/. Accessed 31 Jan 2020
- 10.R. Kindley, Scenario-based E-learning: a Step Beyond Traditional E-learning (2002). http://www.learningcircuits.com/2002/may2002/kindley.html. Accessed 20 Jan 2020
- 11.A. Pandey. A 5-step Plan to Create a Captivating Scenario-based Corporate Training (ELearning Industry, 2019). https://elearningindustry.com/scenario-based-learning-corporate-training-how-create. Accessed 20 Jan 2020
- 12.R. Clrak, Accelerating Expertise with Scenario Based Learning (Learning Blueprint, 2009)Google Scholar
- 13.S. Lieb. Principles of Adult Learning (1991). http://design2learn.ch/downloads/principles_of_adult_learning_lieb.pdf. Accessed 31 Jan 2020
- 14.S. Brookfield, Adult learning: An overview, in International Encyclopedia of Education, (England, Pergamon Press, Oxford, 1995)Google Scholar
- 15.W. Hung, D.H. Jonassen, R. Liu, Problem-based learning, in Handbook of Research on Educational Communications and Technology, 3rd edn., (Mahwah, NJ, 2008), pp. 485–506Google Scholar
- 16.National Institute of Standards and Technology. National Initiative for Cybersecurity Education (NICE) National Cybersecurity Workforce Framework (NIST Special Publication 800–181, 2017). https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-181.pdf?trackDocs=NIST.SP.800-181.pdf
- 17.United States Office of Personnel Management. Interpretive Guidance for Cybersecurity Positions Attracting, Hiring and Retaining a Federal Cybersecurity Workforce (2019). https://www.opm.gov/policy-data-oversight/classification-qualifications/reference-materials/interpretive-guidance-for-cybersecurity-positions.pdf. Accessed 6 Feb 2020
- 18.C. Klimas. Twine (2009). https://twinery.org/. Accessed 20 Jan 2020
- 19.Lucidchart. Lucidchart See more. Know more. Do more (2020). https://www.lucidchart.com/pages/landing?utm_source=google&utm_medium=cpc&utm_campaign=en_unitedstates_ desktop_branded_x_bmm_lucidchart&km_CPC_CampaignId=1458000413&km_CPC_ AdGroupID=57044763792&km_CPC_Keyword=%2Blucid%20%2Bchart&km_CPC_ MatchType=b&km_CPC_. Accessed 31 Jan 2020Google Scholar
- 20.Microsoft. Visual Studio Community. (Microsoft, 2020). https://visualstudio.microsoft.com/vs/community/. Accessed 31 Jan 2020
- 21.Articulate. Articulate 360, Articulate (2020). https://articulate.com/360. Accessed 31 Jan 2020
- 22.Massey University. Massey University of New Zealand. https://www.massey.ac.nz/massey/fms/AVC%20Academic/Teaching%20and%20Learning%20Cenrtres/Scenario-based-learning.pdf.Accessed 27 Jan 2020
- 23.National Science Foundation. Secure and Trustworthy Cyberspace (2019). https://www.nsf.gov/funding/pgm_summ.jsp?pims_id=504709. Accessed 27 Jan 2020
- 24.M. Patton, Qualitative Evaluation and Research Methods, 4th edn. (Sage, Newbury Park, CA, 2002)Google Scholar
- 25.J. Creswell, Education Research: Planning, Conducting, and Evaluating Quantitative and Qualitative Research, 2nd edn. (Merrill, Upper Saddle River, NJ, 2005)Google Scholar
- 26.D. Kirkpatrick, J. Kirkpatrick, Evaluating Training Programs: The Four Levels, 3rd edn. (Berrett-Koehler Publishers, Inc., San Francisco, CA, 2006)Google Scholar
- 27.K. Fulton and T. Britton. STEM Teachers in Professional Learning Communities: From Good Teachers to Great Teaching (2011). https://www.eric.ed.gov/?q=STEM+teachers+in+professional+learning+communities&id=ED521328. Accessed 22 Jan 2020