An Approach to Train and Evaluate the Cybersecurity Skills of Participants in Cyber Ranges based on Cyber-Risk Models

Gencer Erdogan; Åsmund Hugo; Antonio Romero; Dario Varano; Niccolò Zazzeri; Anže Žitnik

doi:10.5220/0009892105090520

An Approach to Train and Evaluate the Cybersecurity Skills of Participants in Cyber Ranges based on Cyber-Risk Models

Gencer Erdogan, Åsmund Hugo, Antonio Romero, Dario Varano, Niccolò Zazzeri, Anže Žitnik

2020

Abstract

There is an urgent need for highly skilled cybersecurity professionals, and at the same time there is an awareness gap and lack of integrated training modules on cybersecurity related aspects on all school levels. In order to address this need and bridge the awareness gap, we propose a method to train and evaluate the cybersecurity skills of participants in cyber ranges based on cyber-risk models. Our method consists of five steps: create cyber-risk model, identify risk treatments, setup training scenario, run training scenario, and evaluate the performance of participants. The target users of our method are the White Team and Green Team who typically design and execute training scenarios in cyber ranges. The output of our method, however, is an evaluation report for the Blue Team and Red Team participants being trained in the cyber range. We have applied our method in three large scale pilots from academia, transport, and energy. Our initial results indicate that the method is easy to use and comprehensible for training scenario developers (White/Green Team), develops cyber-risk models that facilitate real-time evaluation of participants in training scenarios, and produces useful feedback to the participants (Blue/Red Team) in terms of strengths and weaknesses regarding cybersecurity skills.

Download

Paper Citation

in Harvard Style

Erdogan G., Hugo Å., Romero A., Varano D., Zazzeri N. and Žitnik A. (2020). An Approach to Train and Evaluate the Cybersecurity Skills of Participants in Cyber Ranges based on Cyber-Risk Models.In Proceedings of the 15th International Conference on Software Technologies - Volume 1: ICSOFT, ISBN 978-989-758-443-5, pages 509-520. DOI: 10.5220/0009892105090520

in Bibtex Style

@conference{icsoft20,
author={Gencer Erdogan and Åsmund Hugo and Antonio Romero and Dario Varano and Niccolò Zazzeri and Anže Žitnik},
title={An Approach to Train and Evaluate the Cybersecurity Skills of Participants in Cyber Ranges based on Cyber-Risk Models},
booktitle={Proceedings of the 15th International Conference on Software Technologies - Volume 1: ICSOFT,},
year={2020},
pages={509-520},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0009892105090520},
isbn={978-989-758-443-5},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 15th International Conference on Software Technologies - Volume 1: ICSOFT,
TI - An Approach to Train and Evaluate the Cybersecurity Skills of Participants in Cyber Ranges based on Cyber-Risk Models
SN - 978-989-758-443-5
AU - Erdogan G.
AU - Hugo Å.
AU - Romero A.
AU - Varano D.
AU - Zazzeri N.
AU - Žitnik A.
PY - 2020
SP - 509
EP - 520
DO - 10.5220/0009892105090520