An information assurance curriculum for commanding officers using hands-on experiments

Brynielsson, Joel

doi:10.1145/1508865.1508953

Cited by 3 publications

(3 citation statements)

References 11 publications

(15 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Instead, existing data sources such as taxonomies, profiling and knowledge elicitation workshops about the targeted group of users can act as an alternative. Considering IT security from an attack versus defend view-point is a common way to study threats [16], [17], and can provide insightful information about the attackers such as how they carry out attacks, which weaknesses they target the most, the skill of the attacker in terms of the way an attack is carried out, etc. Such data concerning different categories of attackers can be acquired from IT security professionals using quantitative and/or qualitative means.…”

Section: A Assumption and Attacker Personasmentioning

confidence: 99%

Framing the Attacker in Organized Cybercrime

Sarumi¹,

Abdul-Raheem²

2022

AIMS Research Publication

View full text Add to dashboard Cite

When large values are at stake, the attacker and the attacker’s motives cannot be easily modeled, since both the organization at stake and the possible attackers are unique and have complex motives. Hence, rather than using stereotypical attacker models, recent work proposes realistic profiling of the opponent by the use of user-centered design principles in form of the persona methodology. Today, cybercrime is often organized, i.e., attacks are planned and executed by an organization that has put together a tailor- made team consisting of the necessary skills for the task. The actual individuals taking part in the attack might not be aware of or interested in the overall organizational motives. Rather, taking motives behind espionage, fraud, etc., into account requires consideration of the attacking organization rather than the individuals. In this paper, based on interviews with IT security experts, we build on the attacker persona methodology and extend it with methodology to also handle organizational motives in order to tackle organized cybercrime. The resulting framework presented in the paper extends the attacker persona methodology by also using narratives in order to assess the own organization’s security. These narratives give rise to intrigue sketches involving any number of attacker personas, which hence, make it possible to take organized cybercrime into account. Keywords: organization, attacker models, espionage, fraud, cybercrime, security experts, framework, persona methodology.

show abstract

Section: A Assumption and Attacker Personasmentioning

confidence: 99%

Framing the Attacker in Organized Cybercrime

Sarumi¹,

Abdul-Raheem²

2022

AIMS Research Publication

View full text Add to dashboard Cite

show abstract

“…Most computer security instructors use the methods of defense assurance and attack understanding [7]. The learning process can be improved by using a mixture of theory and concepts [8]. Louthan et.…”

Section: Security Coursesmentioning

confidence: 99%

A method for incorporating usable security into computer security courses

George

Klems

Valeva

2013

Proceeding of the 44th ACM Technical Symposium on Computer Science Education

View full text Add to dashboard Cite

Since human factor security exploits are on the rise, ensuring Usable Security has become extremely important for the overall security of computer systems. However, traditional undergraduate computer security curriculum focuses heavily on technical aspects of security and generally ignores Usable Security. To address this problem, we developed a new 3P Learning Method that encourages students to view security problems from three different perspectives (i.e. 3P), namely: Defense, Offense, and Use. The 3P Method lets us incorporate Usable Security into the existing curriculum and helps students to consider Usable Security as an integral part of secure system design rather than an optional add-on.

show abstract

“…Consequently, there is a need for a framework to be used for enlightening the user/defender about the attacker perspective (Brynielsson 2009), and enable them to specify security-centric requirements in their context of use. However, in order to do this one must have some representation of the threats and the actual actors who might pose the threat.…”

Section: Introductionmentioning

confidence: 99%

Storytelling for Tackling Organized Cybercrime

Tariq

Brynielsson

Artman

2012

Electronic Workshops in Computing

Self Cite

View full text Add to dashboard Cite

Cybercrime is often organized, and the actual individuals that are perpetrating the different parts of the attack might not be aware of or interested in the overall organizational motives behind the attack. In this paper, based on interviews with IT security experts, we build on the attacker persona methodology and extend it with methodology to also handle organizational attacking motives in order to tackle organized cybercrime. The resulting framework extends the attacker persona methodology by also using narratives in order to assess the own organization's security. These narratives give rise to intrigue sketches involving any number of attacker personas which, hence, make it possible to take organized cybercrime into account.

show abstract

An information assurance curriculum for commanding officers using hands-on experiments

Cited by 3 publications

References 11 publications

Framing the Attacker in Organized Cybercrime

Framing the Attacker in Organized Cybercrime

A method for incorporating usable security into computer security courses

Storytelling for Tackling Organized Cybercrime

Contact Info

Product

Resources

About