Using Holistic Approach to Developing Cybersecurity Simulation Environments
Using Holistic Approach to Developing Cybersecurity Simulation Environments

Summary/Abstract: As the scale and complexity of the cyber threat landscape is rapidly evolving, with increasing number of cyber attacks on all types of organisations, the pressure on the cybersecurity resilience of organizations is also gaining importance. In order to prepare organizations to counter advanced cyber attacks, specific training and realistic exercise procedures and supporting simulation environments are required. These simulation environments should be able to support and adequately prepare organisations to counter advanced cyber threats. Currently there is a wide variety of e-environments for cyber exercises. They vary from e-learning platforms offering static content, to virtualization based environments, to computer simulations and serious gaming and proprietary systems offered by software and consulting companies. Simulation based exercises are an excellent tool to transfer outcomes defined in the training curriculum in to the practice. Virtual-based simulation can be defined as an imitation of reality by using virtual environments or virtual programs on the computer. The range of different virtual methods varies from a basic video to an immersive, three-dimensional virtual environment. In this article we analyze existing e-learning platforms for cybersecurity training and education, and propose an integrated, multidisciplinary approach to cybersecurity training and exercising, allowing different levels of IT personnel in the organisation to understand how they shall cooperate to be prepared to defend the organisation. We are arguing that a common methodological and pedagogical framework to cybersecurity training can and should be utilized both by the educational institutions providing cybersecurity education, and by the organizations specializing on cyber drills. This framework will support technologically advanced simulation environments with a holistic model of professional competence, which integrates knowing, understanding, doing and situation management into learning outcomes as one component, and with a knowledge transfer methodology that focuses on finding and implementing the best methods to stimulate people to think and/or act differently in the cyber domain. The proposed framework will take inputs from existing works such as ENISA’s “Good practice guide on training methodologies”, ECSO’s position paper on “Gaps in European Cyber Education and Professional Training” and other relevant works, and will apply learning by developing pedagogical model in the context of cybersecurity simulation environments.

• Details
• Contents