Design of a cyber security awareness campaign to be implemented in a quarantine laboratory
Abstract
Humans are still the weakest link in the cyber security chain. Cyber criminals are working faster than users can defend themselves. In this research work, we investigate effective counter-measures to help users stay secure and not be vulnerable to cyber threats. We have designed a training program that introduces university students to several types of cyber attacks. The program is not designed to target one specific major and classification, but rather a variety of majors and classifications. The program includes presentations and hands-on exercises that attract the participant's attention. In order to assess whether the participants retained the presented material, we use a game dubbed "Name that Attack" where the participants are given a scenario and they have to name what type of common cyber attack it is. In addition, on the next day following the training, the participants would be sent a phishing attack via e-mail to see if they would fall victims to this type of attack. By going through the training, we anticipate that the participants will increase their awareness about cyber attacks and be less susceptible to cyber crime.
References
[1]
Faeq Alrimawi, Liliana Pasquale, Deepak Mehta, and Bashar Nuseibeh. I've seen this before: Sharing cyber-physical incident knowledge. In Proceedings of the 1st International Workshop on Security Awareness from Design to Deployment, pages 33--40, 2018.
[2]
Ramakrishna Ayyagari and Norilyz Figueroa. Is seeing believing? Training users on information security: Evidence from java applets. Journal of Information Systems Education, 28(2):115--121, 2017.
[3]
Agnė Brilingaitė, Linas Bukauskas, Virgilijus Krinickij, and Eduardas Kutka. Environment for cybersecurity tabletop exercises. In ECGBL 2017 11th European Conference on Game-Based Learning, pages 47--55, 2017.
[4]
Yu Cai and Todd Arney. Cybersecurity should be taught top-down and case-driven. In Proceedings of the 18th Annual Conference on Information Technology Education, pages 103--108, 2017.
[5]
Aparna Das, David Voorhees, Cynthia Choi, and Carl E. Landwehr. Cybersecurity for future presidents: An interdisciplinary non-majors course. In Proceedings of the 2017 ACM SIGCSE Technical Symposium on Computer Science Education, pages 141--146, 2017.
[6]
Daniel Conte de Leon, Ananth A. Jillepalli, Victor J. House, Jim Alves-Foss, and Frederick T. Sheldon. Tutorials and laboratory for hands-on OS cybersecurity instruction. Journal of Computing Sciences in Colleges, 34(1):242--254, 2018.
[7]
Tanya Estes, James Finocchiaro, Jean Blair, Johnathan Robison, Justin Dalme, Michael Emana, Luke Jenkins, and Edward Sobiesk. A capstone design project for teaching cybersecurity to non-technical users. In Proceedings of the 17th Annual Conference on Information Technology Education, pages 142--147, 2016.
[8]
Vitaly Ford, Ambareen Siraj, Ada Haynes, and Eric Brown. Capture the flag unplugged: An offline cyber competition. In Proceedings of the 2017 ACM SIGCSE Technical Symposium on Computer Science Education, pages 225--230, 2017.
[9]
Marco Ghiglieri and Martin Stopczynski. SecLab: An innovative approach to learn and understand current security and privacy issues. In Proceedings of the 17th Annual Conference on Information Technology Education, pages 67--72, 2016.
[10]
Nicole Henderson. Can frequent security training help thwart "as-a-service" attacks? http://www.itprotoday.com/strategy/can-frequent-security-training-help-thwart-service-attacks, 2017.
[11]
Ehinome Ikhalia, Alan Serrano, and Johnnes Arreymbi. Deploying social network security awareness through Mass Interpersonal Persuasion (MIP). In International Conference on Cyber Warfare and Security, pages 668--674, 2018.
[12]
Ge Jin, Manghui Tu, Tae-Hoon Kim, Justin Heffron, and Jonathan White. Game based cybersecurity training for high school students. In Proceedings of the 49th ACM Technical Symposium on Computer Science Education, pages 68--73, 2018.
[13]
Jared J. Meyers, Derek L. Hansen, Justin S. Giboney, and Dale C. Rowe. Training future cybersecurity professionals in spear phishing using SiEVE. In Proceedings of the 19th Annual SIG Conference on Information Technology Education, pages 135--140, 2018.
[14]
Jackson Muhirwe. Towards a 3-D approach to cybersecurity awareness for college students. In Proceedings of the 17th Annual Conference on Information Technology Education, pages 105--105, 2016.
[15]
Cuong Pham, Dat Tang, Ken-Ichi Chinen, and Razvan Beuran. CyRIS: A cyber range instantiation system for facilitating security training. In Proceedings of the Seventh Symposium on Information and Communication Technology, pages 251--258, 2016.
[16]
Patrickson Weanquoi, Jaris Johnson, and Jinghua Zhang. Using a game to teach about phishing. In Proceedings of the 18th Annual Conference on Information Technology Education, pages 75--75, 2017.
- Design of a cyber security awareness campaign to be implemented in a quarantine laboratory
Recommendations
Government regulations in cyber security: Framework, standards and recommendations
AbstractCyber security refers to the protection of Internet-connected systems, such as hardware, software as well as data (information) from cyber attacks (adversaries). A cyber security regulation is needed in order to protect information ...
Highlights- We list and discuss the cyber attacks, security requirements and measures. We then discuss the cyber security incident management framework and its various ...
Comments
Information & Contributors
Information
Published In
April 2020
98 pages
Publisher
Consortium for Computing Sciences in Colleges
Evansville, IN, United States
Publication History
Published: 01 April 2020
Published in JCSC Volume 35, Issue 9
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 133Total Downloads
- Downloads (Last 12 months)14
- Downloads (Last 6 weeks)3
Reflects downloads up to 10 Nov 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in