Advertisement

Cybersecurity Scenario Builder and Retrieval Toolkit

  • Guillermo Francia IIIEmail author
  • Tirthankar Ghosh
  • Gregory Hall
  • Eman El-Sheikh
Chapter
  • 13 Downloads

Abstract

Our ever-increasing dependence on information technology brings us to new crossroads and challenges confronting national security protection. Both private and public entities recognized these issues and are currently making progress toward addressing the problems of cybersecurity. A major component of cybersecurity, or any technical program, is effective training that could alleviate, if not eliminate, the threat imposed by the adversarial entities.

Training programs are guided by learning processes that could utilize passive and active learning strategies. While passive learning incorporates rote learning, active learning places more responsibility to students by engaging them in problem-based or case-based learning processes. The student is presented with interactive scenarios which facilitate the progression of the student toward a solution to the problem. In following the storyline, the students apply their acquired domain knowledge and critical thinking skills while receiving constructive feedback based on the decisions that they have made (Massey University of New Zealand, 2020).

Recognizing these needs, we initiated an innovative cybersecurity training and education project with the following objectives: to design, develop, test, and deploy a highly interactive, automated, and intelligent cybersecurity scenario builder and retrieval software toolkit for active cybersecurity learning; to build a virtual machine (VM) that will accompany each scenario; and to facilitate the deployment of the scenarios on a cyber range. Each scenario will be created using our novel concept: Open Virtualization Scenario.

Keywords

Bloom’s taxonomy Curriculum development Cybersecurity Immersive training Learning process Scenario builder Software toolkit Student interaction Virtual machine Virtualization 

Notes

Acknowledgments

This work is partially supported by the Florida Center for Cybersecurity under Grant Number 3901-1009-00-A (2019 Collaborative SEED Program) and the National Security Agency under Grant Number H98230-19-1-0333. The US Government is authorized to reproduce and distribute reprints notwithstanding any copyright notation herein.

References

  1. 1.
    G. Francia, G. Randall, J. Snellen, Pedagogical resources for industrial control systems security: Design, implementation, conveyance, and evaluation. Journal of Cybersecurity Education Research and Practice 1, 2017 (2017)Google Scholar
  2. 2.
    G. Francia, D. Thornton, M. Trifas, T. Bowden, Gamification of information security awareness training, in Emerging Trends in ICT Security, (Elsevier, Inc., Waltham, 2014), pp. 85–97CrossRefGoogle Scholar
  3. 3.
    Towson University. NSA NCCP National Cybersecurity Curriculum Program (2019). https://www.clark.center/c/nccp. Accessed 30 Jan 2020
  4. 4.
    G. Francia, N. Bekhouche, T.M. Marbut, C. Neuman, Portable SCADA security toolkit. International Journal of Information and Network Security (IJINS) 1(4), 265–274 (2012)CrossRefGoogle Scholar
  5. 5.
    G. Francia, J. Snellen, G. Richards, Laboratory exercises to accompany industrial control and embedded systems security curriculum modules, in Cybersecurity and Privacy in Cyber Physical Systems, (CRC Press, Taylor and Francis Group, 2019)Google Scholar
  6. 6.
    G. Francia, J. Snellen, Embedded and control systems security project. Information Security Education Journal 1(2), 77–84 (2014)Google Scholar
  7. 7.
    Idaho National Laboratory, Critical Infrastructure Protection Training (Idaho National Laboratory, 2020). https://inl.gov/critical-infrastructure-protection-training/. Accessed 30 Jan 2020
  8. 8.
    Cyber Security Education Consortium (CSEC). Oklahoma Center for Information Assurance and Forensics Education (OCIAFE) (2017). https://atecentral.net/r3800/. Accessed 30 Jan 2020
  9. 9.
    SANS, "SANS," SANS, 2020. https://www.sans.org/. Accessed 31 Jan 2020
  10. 10.
    R. Kindley, Scenario-based E-learning: a Step Beyond Traditional E-learning (2002). http://www.learningcircuits.com/2002/may2002/kindley.html. Accessed 20 Jan 2020
  11. 11.
    A. Pandey. A 5-step Plan to Create a Captivating Scenario-based Corporate Training (ELearning Industry, 2019). https://elearningindustry.com/scenario-based-learning-corporate-training-how-create. Accessed 20 Jan 2020
  12. 12.
    R. Clrak, Accelerating Expertise with Scenario Based Learning (Learning Blueprint, 2009)Google Scholar
  13. 13.
    S. Lieb. Principles of Adult Learning (1991). http://design2learn.ch/downloads/principles_of_adult_learning_lieb.pdf. Accessed 31 Jan 2020
  14. 14.
    S. Brookfield, Adult learning: An overview, in International Encyclopedia of Education, (England, Pergamon Press, Oxford, 1995)Google Scholar
  15. 15.
    W. Hung, D.H. Jonassen, R. Liu, Problem-based learning, in Handbook of Research on Educational Communications and Technology, 3rd edn., (Mahwah, NJ, 2008), pp. 485–506Google Scholar
  16. 16.
    National Institute of Standards and Technology. National Initiative for Cybersecurity Education (NICE) National Cybersecurity Workforce Framework (NIST Special Publication 800–181, 2017). https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-181.pdf?trackDocs=NIST.SP.800-181.pdf
  17. 17.
    United States Office of Personnel Management. Interpretive Guidance for Cybersecurity Positions Attracting, Hiring and Retaining a Federal Cybersecurity Workforce (2019). https://www.opm.gov/policy-data-oversight/classification-qualifications/reference-materials/interpretive-guidance-for-cybersecurity-positions.pdf. Accessed 6 Feb 2020
  18. 18.
    C. Klimas. Twine (2009). https://twinery.org/. Accessed 20 Jan 2020
  19. 19.
    Lucidchart. Lucidchart See more. Know more. Do more (2020). https://www.lucidchart.com/pages/landing?utm_source=google&utm_medium=cpc&utm_campaign=en_unitedstates_ desktop_branded_x_bmm_lucidchart&km_CPC_CampaignId=1458000413&km_CPC_ AdGroupID=57044763792&km_CPC_Keyword=%2Blucid%20%2Bchart&km_CPC_ MatchType=b&km_CPC_. Accessed 31 Jan 2020Google Scholar
  20. 20.
    Microsoft. Visual Studio Community. (Microsoft, 2020). https://visualstudio.microsoft.com/vs/community/. Accessed 31 Jan 2020
  21. 21.
    Articulate. Articulate 360, Articulate (2020). https://articulate.com/360. Accessed 31 Jan 2020
  22. 22.
  23. 23.
    National Science Foundation. Secure and Trustworthy Cyberspace (2019). https://www.nsf.gov/funding/pgm_summ.jsp?pims_id=504709. Accessed 27 Jan 2020
  24. 24.
    M. Patton, Qualitative Evaluation and Research Methods, 4th edn. (Sage, Newbury Park, CA, 2002)Google Scholar
  25. 25.
    J. Creswell, Education Research: Planning, Conducting, and Evaluating Quantitative and Qualitative Research, 2nd edn. (Merrill, Upper Saddle River, NJ, 2005)Google Scholar
  26. 26.
    D. Kirkpatrick, J. Kirkpatrick, Evaluating Training Programs: The Four Levels, 3rd edn. (Berrett-Koehler Publishers, Inc., San Francisco, CA, 2006)Google Scholar
  27. 27.
    K. Fulton and T. Britton. STEM Teachers in Professional Learning Communities: From Good Teachers to Great Teaching (2011). https://www.eric.ed.gov/?q=STEM+teachers+in+professional+learning+communities&id=ED521328. Accessed 22 Jan 2020

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Guillermo Francia III
    • 1
    Email author
  • Tirthankar Ghosh
    • 1
  • Gregory Hall
    • 1
  • Eman El-Sheikh
    • 1
  1. 1.Center for CybersecurityUniversity of West FloridaPensacolaUSA

Personalised recommendations