1 |
Cybersecurity Capabilities in a Critical Infrastructure Sector of a Developing NationCatota Quintana, Frankie 01 December 2016 (has links)
When information technology is incorporated into the operations of financial critical infrastructure, it brings with it a range of cyber risks, and mitigating them requires that firms and regulators develop capabilities to foster protection. The sophistication of cyber threats to the financial sector has been growing rapidly. Developed nations have worked hard to improve their knowledge of these threats and establish strategies to respond accordingly. However, in developing nations, both the understanding of the risks posed by cyber threats and the ability to address those risks have been slower to evolve. Developing the needed cybersecurity capabilities in developing countries encounter challenges that need to be identified and addressed. In order to begin to do that, this thesis reports on three studies conducted in the context of Ecuador. The first study identifies and assesses incident experiences, challenges, barriers, and desired actions reported by financial security managers with the objective of identifying strategies to enhance incident response capabilities. The second study begins with the security incidents reported by the Ecuadorian financial stakeholders during the first study and assesses the potential effectiveness of the government policy that is intended to address IT risk in the financial sector. The third study explores the challenges that universities face in order to provide cybersecurity instruction to protect critical infrastructure and explores potential strategies to advance cybersecurity education at the university level. In support of this work we collected data from national practitioners involved in responding to security incidents and in developing cybersecurity skills. Sixty-one in-depth, semi-structured interviews across five cities were conducted (95% in person, the rest by telephone) with respondents who had good knowledge in the subjects. Respondents come mainly from: the financial sector (CISOs, risk and IT managers, security chiefs, security officers, authorities); telecommunications sector, especially ISPs (managers, directors, engineers, authorities); and academia (deans, directors, professors). We transcribed all the interviews, coded them and conducted qualitative text analysis. This research finds that (1) the financial sector is already facing risks driven by outsiders and insiders that lead to fraud and operational errors and failures. The main barriers to improving protection are small team size, network visibility, inadequate internal coordination, technology updating, lack of training, and lack of awareness. The sector has little community support to respond to incidents, and the national legal framework has not supported appropriate prosecution of cyber criminals; (2) the national IT risk management policy has reasonably covered most countermeasures related to reported security incidents. There are however, several areas of gap, one of the most important is network security, which can enable sophisticated malware attacks; (3) today the level of cybersecurity education is mostly elementary in Ecuador. Academic interviewees at only four of the thirteen universities studied expressed confidence that they can provide students with reasonable preparation. Ecuador needs to design a national cybersecurity plan that prioritizes protection for critical infrastructure and should support strategies that allow the country to enhance cybersecurity capabilities. Properly designed these initiatives should allow the nation to develop a core structure to confront current and emergent cyber challenges in the financial sector and other critical national operations, and build the human resources necessary to continue that effort.
|
2 |
Exploring Cyber Ranges in Cybersecurity EducationBeauchamp, Cheryl Lynn 01 April 2022 (has links)
According to a report from McAfee, the global cost of cybercrime for 2020 was over one trillion dollars (Smith, Z. et al., 2020). Cybersecurity breaches and attacks have not only cost businesses and organizations millions of dollars but have also threatened national security and critical infrastructure. Examples include the Ransomware attack in May of 2021 on the largest fuel pipeline in the United States and the February 2021 remote access system breach of a Florida water treatment facility which raised sodium hydroxide to a lethal level. Improving cybersecurity requires a skilled workforce with relevant knowledge and skills. Academic degree programs, boot camps, and various certification programs provide education and training to assist this need. Cyber ranges are a more recent development to provide hands-on skill training. These ranges, often virtual, provide a safe and accessible environment to improve practical skills and experience through hands-on application. They provide a training environment to identify threats, apply countermeasures, and secure data from risks separately from the organization's actual network. More and more academic programs utilize cyber ranges due to the perceived benefit of integrating them into their cybersecurity-related programs. Academic cyber ranges offer virtualized environments that support cybersecurity educators' needs to provide students with a safe, separated, and engaging environment.
The purpose of my research has two components: 1) to understand who the educators are using academic-facing cyber ranges and how they are using them to support their cybersecurity education efforts, and 2) to understand how cybersecurity educators and students are motivated by using them. Specifically, my research is comprised of three manuscripts: (1) a mixed-method exploratory study of who are the educators using cyber ranges for cybersecurity education and how they are using them to create significant cybersecurity learning experiences, (2) a mixed-method study exploring the motivation of educators using a cyber range for cybersecurity education, and (3) a mixed-method study exploring student motivation participating in cybersecurity CTF competitions.
The three manuscripts contribute to understanding cyber ranges in cybersecurity education. The results from my research provided insight from the users of these cyber ranges, cybersecurity educators and students. Results from my first manuscript suggested that high school cybersecurity educators are the primary users. These educators have less formal cybersecurity education and experience compared to cybersecurity educators in higher education. The data also showed that cybersecurity educators primarily used cyber ranges for teaching and learning to meet learning goals and objectives. Results from my second manuscript suggested that educators were motivated mainly by the importance of using a cyber range for cybersecurity education and for the interest-enjoyment their students experience from cyber range usage. Educators found using the cyber range made their class more engaging and relevant to their students.These educators were also confident they could use a cyber range and learn how to use it. However, those without prior experience in cybersecurity or previous experience using a cyber range shared they needed instructor-facing resources, professional development opportunities, and time to learn. Results from my third manuscript suggested that students were motivated by the importance of participating in a cybersecurity CTF competition. Many reported that participating was useful for developing professional skills and readiness. Although CTF competitions were considered difficult and stressful, students did not consider the difficulty pejorative. Many shared that challenging CTFs contributed towards the enjoyment of participating, making them a rewarding and worthwhile experience. However, students also shared that academic and team support contributed towards their confidence in competing. In contrast, those who did not report confidence, stated they lacked a team strategy or support from their academic institution. Additionally, they did not know what to expect to prepare before the competition event. Overall, the results of this dissertation highlight the importance of prior preparation for educators and student CTF participants. For educators, this prior preparation includes curriculum supporting resources such as content mapping to learning objectives and professional development opportunities that do not assume any prior knowledge or experience. For students, prior preparation includes understanding what to expect and recommendations for academic and team support. / Doctor of Philosophy / The technology era has enabled a global connectedness to attend conferences and meetings via our laptop computers while working from home. The proliferation of smart devices has also provided a means to view and communicate with visitors who ring our smart doorbells while we are not home. This interconnected network, i.e., the Internet, has altered how we pay our bills, buy our groceries, and attend classes virtually. It has also enabled cyber attacks and breaches that have contributed to identity thefts, increasing financial costs, business collapses, job losses, and even threatened national security. A cybersecurity workforce has become increasingly vital to address the need for improving cybersecurity. Thus, there is a need for academic cybersecurity programs to prepare future professionals to fill this national workforce shortfall.
Consequently, more and more organizations have integrated cyber ranges as the means to provide a simulated environment for applying and developing cybersecurity-related knowledge and skills. Similar to a driving range for a golfer to practice their golf swing or a shooting range for those in law enforcement to earn their firearms qualifications, a cyber range supports efforts to provide cybersecurity training with hands-on exercises and labs to practice skills in a safe, virtual environment. My research contributes to understanding who uses cyber ranges and how they are motivated to use them for cybersecurity education.
The first purpose of my research was to understand the educators who were using cyber ranges and how they were using them for cybersecurity education. More specifically, I examined their usage for alignment with a learning taxonomy to verify the usage contributed to successful and significant student learning. This understanding contributed to my research's second purpose, which explored how educators were motivated using cyber ranges. The third purpose of my study explored student motivation using a cyber range. Due to varying cyber range resources and activities, my research focused on the cybersecurity competition activity, Capture the Flag (CTF). This study provided an understanding of how students who participated in a cybersecurity CTF competition were motivated.
My research demonstrates that educators and students are interested in using cyber ranges and believe using them for cybersecurity education and professional readiness is important. However, both educators and students who lack prior knowledge or experience using a cyber range or participating in a CTF shared the concern of not knowing what they do not know. PD time and instructor-facing resources that do not assume any prior cybersecurity knowledge were recommended to support educators who did not have a background or experience in cybersecurity. Students shared that although not knowing was stressful and made participating difficult, the difficulty and stress were good attributes because if the CTF were easy, it wouldn't be worth their time and would be less rewarding. Students also reported that team strategies and academic support were motivational aspects of CTF participation. Overall, educators and students were motivated using cyber ranges for cybersecurity education, but professional development and preparation resources would contribute positively to their usage.
|
3 |
Cybersecurity Management System: Defense and ResponseHuang, Chenxiang 19 January 2023 (has links)
Cybersecurity attacks such as phishing, malware, and ransomware have become a major concern in recent years, with many individuals and organizations suffering financial losses as a result. Most people are unaware of the different types of cybersecurity attacks and have not seen examples of them. To address this problem, we developed the Cybersecurity Management System: Defense and Response (CMSDR) cloud software application. It provides both the "Defense" and "Response" to cybersecurity attacks, with educational materials and examples to help users learn about different types of cybersecurity attacks, and a computer-aided reporting and notification system to help organizations respond to ongoing incidents. CMSDR is a universal application that can be used on any platform with a web browser. Any company or organization can effectively run CMSDR on their own server computer for cybersecurity defense and response. / Master of Science / Cybersecurity has become a major concern in recent years as many individuals and organizations have suffered financially from cybersecurity attacks like phishing, malware, and ransomware. This thesis seeks to provide a solution to the emerging number of cybersecurity breaches by introducing Cybersecurity Management System: Defense and Response (CMSDR) cloud software application that features "Defense" and "Response" to cybersecurity attacks. For "Defense", it aims to guide the users of the common types of cybersecurity attacks following the pedagogy "Learning by Examples" by providing cybersecurity examples to support the learning. For "Response", it aims to provide a system that features computer-aided reporting and notification of cybersecurity breaches in a company or organization. The software application is universally usable on any platform with a web browser. With the help of CMSDR, users receive proper education of the types of cybersecurity attacks to raise awareness. Organizations can report and notify ongoing cybersecurity breach incidents to their members easily and effectively.
|
4 |
MAnanA: A Generalized Heuristic Scoring Approach for Concept Map Analysis as Applied to Cybersecurity EducationBlake Gatto, Sharon Elizabeth 06 August 2018 (has links)
Concept Maps (CMs) are considered a well-known pedagogy technique in creating curriculum, educating, teaching, and learning. Determining comprehension of concepts result from comparisons of candidate CMs against a master CM, and evaluate "goodness". Past techniques for comparing CMs have revolved around the creation of a subjective rubric. We propose a novel CM scoring scheme called MAnanA based on a Fuzzy Similarity Scaling (FSS) score to vastly remove the subjectivity of the rubrics in the process of grading a CM. We evaluate our framework against a predefined rubric and test it with CM data collected from the Introduction to Computer Security course at the University of New Orleans (UNO), and found that the scores obtained via MAnanA captured the trend that we observed from the rubric via peak matching. Based on our evaluation, we believe that our framework can be used to objectify CM analysis.
|
5 |
DEVELOPING TRAINING MATERIALS TO SUPPLEMENT THE INDIANA CYBERSECURITY SCORECARDMadison Renae Thomas (11226636) 20 July 2022 (has links)
<p> Cybersecurity is an important aspect of all businesses as well as the public sector. As information technology becomes more interconnected with our everyday lives, it opens more opportunities for network vulnerabilities and therefore more breach opportunities. Previous work within the State of Indiana has produced a cybersecurity scorecard but leaves those using the scorecard with no way to improve their scores. This research is conducted to help Indiana counties improve their cybersecurity practices with a limited budget. As well, this research and implementation guide will be accessible in a way that any employee at the county level, despite their cybersecurity knowledge, will have a solid foundation on where to begin to improve their score. The goal of this study is to develop a framework that identifies the weaknesses in an Indiana county's response to the Cybersecurity Scorecard and provides resources to improve their scores. The framework should identify the specific issues and give definitions or resources for the counties to use to improve their score. </p>
|
6 |
Study of Cybersecurity Awareness Enhancement through Mobile Applications for High School StudentsBandreddi, Jyothi Priyanka January 2020 (has links)
No description available.
|
7 |
A Study on inculcating cyber awareness among undergraduate students by introducing interactive visualization-based cybersecurity modules into STEM education.Jyothirmai, Kothakapu January 2021 (has links)
No description available.
|
8 |
Cybersecurity Education in Utah High Schools: An Analysis and Strategy for Teacher AdoptionCornel, Cariana June 01 August 2019 (has links)
The IT Education Specialist for the USBE, Brandon Jacobson, stated:I feel there is a deficiency of and therefore a need to teach Cybersecurity.Cybersecurity is the “activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation” (NICE, 2018). Practicing cybersecurity can increase awareness of cybersecurity issues, such as theft of sensitive information. Current efforts, including but not limited to, cybersecurity camps, competitions, college courses, and conferences, have been created to better prepare cyber citizens nationwide for such cybersecurity occurrences. In 2017, a meeting was proposed to discuss cybersecurity training methods for Utah high school teachers. Meeting attendees included the researcher, Brigham Young University Cybersecurity Professor, Dale Rowe, the Alpine IT Career and Technology Engineering (CTE) Program Area Specialist, Karsten Walker, and the IT Education specialist for the Utah State Board of Education (USBE), Brandon Jacobson. However, due to limited budget, resources, and time, few results were achieved since the meeting, including a cybersecurity class certification and offering of advanced cybersecurity related courses on UEN’s WebEx Platform (Alpine District only).However, due to limited budget, resources, and time, few results were achieved since the meeting, including a cybersecurity class certification and offering of advanced cybersecurity related courses on UEN’s WebEx Platform (Alpine District only).The research shows that of the 9 school districts reviewed, only 2 of the public high schools taught cybersecurity-focused courses as outlined by the Utah State Board of Education. This is a scarcity that cannot be ignored. There are insufficient offerings of cybersecurity courses in Utah high schools. As a result, Utah is one of the many states unable to fill the shortage of cybersecurity professionals. Thus, this research was conducted to better understand what is inhibiting potential teachers from offering a cybersecurity-focused course. In the hopes of answering the mentioned query, the research involved surveying high school computer teachers about their experience, as well as their perspective on teaching cybersecurity.
|
9 |
What are the gaps in teaching the cybersecurity threats landscape, and what teachers need to include the subject in their curriculum?Abdirizak, Mohamed, Abobaker, Ivan January 2024 (has links)
This thesis examines the current gaps in cybersecurity education in junior high and high schools in Sweden, with a focus on the challenges of integration and the resources required for teachers to effectively instruct on cybersecurity topics. Despite the critical importance of cybersecurity in protecting digital interactions and personal data, existing curricula often lack deep and systematic integration of this essential subject. Based on qualitative interviews with 12 teachers from junior high and high schools, the researchers’ findings underscore a significant need for structured cybersecurity curricula and enhanced teacher training. The research reveals that while students are extensively engaged with digital technologies, their vulnerability to various cybersecurity threats remains due to inadequate educational frameworks. The study highlights the urgent need for curricular improvements to include comprehensive cybersecurity courses, aligned with current technological threats and the digital behaviors of students.
|
10 |
Practice-Oriented Cybersecurity Training FrameworkPodila, Laxmi Mounika January 2020 (has links)
No description available.
|
Page generated in 0.1277 seconds