An exploration of the current state of information assurance education

Cooper, Stephen; Nickell, Christine; Piotrowski, Victor; Oldfield, Brenda M.; Abdallah, Ali E.; Bishop, Matt; Caelli, Bill; Dark, Melissa; Hawthorne, Elizabeth K.; Hoffman, Lance J.; Pérez, Lance C.; Pfleeger, Charles P.; Raines, Richard A.; Schou, Corey; Brynielsson, Joel

doi:10.1145/1709424.1709457

Cited by 30 publications

(24 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The former can be used in cyber security for the evaluation of educational interventions [5], [10], while the latter mostly provides an understanding on how attackers compromise systems [11]. Academic accreditations and professional certifications are an important part of such competency frameworks [12], and several guidelines and educational standards were proposed to facilitate the process of defining the field of cyber security [13].…”

Section: Related Workmentioning

confidence: 99%

All That Glitters Is Not Gold: On the Effectiveness of Cybersecurity Qualifications

et al. 2017

View full text Add to dashboard Cite

Abstract-There has been a proliferation of industry-focused cyber security qualifications, which use different techniques to assess the competencies of cyber security professionals and certify them to employers. There is, however, a lingering question about these qualifications: do they effectively assess the competencies of cyber security professionals? 74 cyber security qualifications were analysed to determine how competency assessment is performed in practice, and five distinct techniques were identified together with the frequency of their use within qualifications. These techniques formed the basis of a large-scale survey of the perceptions of 153 industry stakeholders on the effectiveness of individual techniques and their cost-effectiveness as combinations. Despite a perceived low effectiveness of Multiple Choice Examinations, industry qualifications were found to rely on it heavily, often as a sole technique, and few qualifications utilised the cost-effective combinations identified by stakeholders.

show abstract

Section: Related Workmentioning

confidence: 99%

All That Glitters Is Not Gold: On the Effectiveness of Cybersecurity Qualifications

et al. 2017

View full text Add to dashboard Cite

show abstract

“…Instead, existing data sources such as taxonomies, profiling and knowledge elicitation workshops about the targeted group of users can act as an alternative. Considering IT security from an attack versus defend viewpoint is a common way to study threats [16], [17], and can provide insightful information about the attackers such as how they carry out attacks, which weaknesses they target the most, the skill of the attacker in terms of the way an attack is carried out, etc. Such data concerning different categories of attackers can be acquired from IT security professionals using quantitative and/or qualitative means.…”

Section: A Assumption and Attacker Personasmentioning

confidence: 99%

Framing the Attacker in Organized Cybercrime

Tariq

Brynielsson

Artman

2012

2012 European Intelligence and Security Informatics Conference

Self Cite

View full text Add to dashboard Cite

Abstract-When large values are at stake, the attacker and the attacker's motives cannot be easily modeled, since both the organization at stake and the possible attackers are unique and have complex motives. Hence, rather than using stereotypical attacker models, recent work proposes realistic profiling of the opponent by the use of user-centered design principles in form of the persona methodology.Today, cybercrime is often organized, i.e., attacks are planned and executed by an organization that has put together a tailormade team consisting of the necessary skills for the task. The actual individuals taking part in the attack might not be aware of or interested in the overall organizational motives. Rather, taking motives behind espionage, fraud, etc., into account requires consideration of the attacking organization rather than the individuals. In this paper, based on interviews with IT security experts, we build on the attacker persona methodology and extend it with methodology to also handle organizational motives in order to tackle organized cybercrime. The resulting framework presented in the paper extends the attacker persona methodology by also using narratives in order to assess the own organization's security. These narratives give rise to intrigue sketches involving any number of attacker personas which, hence, make it possible to take organized cybercrime into account.

show abstract

“…As Steven Cooper et al well expressed the historical context of such efforts, [3] cybersecurity training and education evolved through a wealth of sectorspecific training that has matured over the last 40 years, including the CISOstyle training that matured into SANS; the information security education programs that perhaps started as early as Queensland Institute of Technology in Australia offered a Master's level research degree in computer security 1986. Cyber security forces capabilities in departments of defense around the world began to mature as evidenced by the expansion of the U.S. Air Force Mission to incl ude cyberspace in 2005.…”

Section: Introductionmentioning

confidence: 99%

A Cyber Security Multi Agency Collaboration for Rapid Response that Uses AGILE Methods on an Education Infrastructure

Moore¹,

Likarish²

2015

Information Security Education Across the Curriculum

View full text Add to dashboard Cite

Abstract. This study provides a summary and analysis of a cyber security multi agency collaboration for rapid response by Regis University (RU), in partnership with the Colorado Army and Air Force National Guard (CONG) and the State of Colorado (SOC), deploying AGILE methods to improve the ability of the CONG and SOC to respond to attacks against Colorado's critical infrastructure.The summary covers formative discussions and about a yearlong series of physical exercises, lectures and certification exams that advanced the study participants domain knowledge, awareness of SOC policy and communication with industry. Other states and territories can use the model to the benefit of their citizens. Events included multiple simulations, physical exercise scenarios, and table top exercises designed to give realworld substance to more abstract cyber security concepts and integrate physical world consequences to actions performed by the participants.

show abstract

An exploration of the current state of information assurance education

Cited by 30 publications

References 2 publications

All That Glitters Is Not Gold: On the Effectiveness of Cybersecurity Qualifications

All That Glitters Is Not Gold: On the Effectiveness of Cybersecurity Qualifications

Framing the Attacker in Organized Cybercrime

A Cyber Security Multi Agency Collaboration for Rapid Response that Uses AGILE Methods on an Education Infrastructure

Contact Info

Product

Resources

About