Introducing Serious Games as a Master Course in Information Security Management Programs

2022 ◽  
pp. 483-506
Author(s):  
Grethe Østby ◽  
Stewart James Kowalski
Keyword(s):  
Information Security ◽  
Cyber Security ◽  
Serious Games ◽  
Learning Experiences ◽  
Incident Response ◽  
Information Security Management ◽  
Security Incident ◽  
Response Training ◽  
Security Challenges ◽  
Type Of Exercise

In this chapter, the authors outline their process for introducing serious games as a course in an Information Security Master Course Program at the Norwegian University of Science and Technology. The process is built on the author's experiences from both participating, coaching, judging, and even arranging serious games and cyber security challenges. With the lack of cultural recipes (or shared experiences) in information and cyber security from previous generations, these recipes must be learned in other environments. Given the efficiency of using exercises for incident response training, the authors suggest that information and cyber security incident response can be learned efficiently through serious games as one type of exercise. The authors suggest that serious games give relevant learning experiences from both developing them and participating in them, and they suggest these learning experiences as part of the course, in addition to necessary instructions.

RESEARCH OF IRP SYSTEMS BASED ON THE ANALYSIS OF MECHANISMS OF RESPONSE TO INFORMATION SECURITY INCIDENTS

2021 ◽  
Vol 53 (1) ◽  
pp. 74-82
Author(s):  
ANDREY R. OCHEREDKO ◽  
◽  
DMITRIY A. BACHMANOV ◽  
MICHAEL M. PUTYATO ◽  
ALEXANDER S. MAKARYAN ◽  
...  
Keyword(s):  
Information Security ◽  
Software Implementation ◽  
Incident Response ◽  
Security Incident ◽  
Expert Opinions ◽  
Python Language ◽  
Phishing Attacks ◽  
Comparison Results ◽  
Response Systems ◽  
Security Incidents

The article discusses the features and functions of information security incident response systems. The analysis of modern IRP solutions is presented and the process of responding to typical incidents in systems of this class is described. Based on expert opinions, a list of criteria was formed, which were divided into groups by areas of functional responsibility for further comparison of the work of IRP systems. The assessment of the main and additional characteristics of IRP-systems was carried out using the formed criterion groups. The analysis of the comparison results showed that the most promising solutions are R-Vision IRP, IBM Resilient IRP and open-source solution - The Hive. The algorithm of the module for preventing phishing attacks was developed and presented, the software implementation of which was made using the Python language. As part of the integration capabilities of The Hive, a custom response function was implemented that not only potentially improved the system's performance in preventing phishing attacks, but also increased employee awareness of this threat. The result is an IRP system with personal flexible customization of individual elements and is the basis for the formation of the Security Center (SOC), which will bring the information security of organizations to a new level.

scholarly journals Simulation of Workflow and Threat Characteristics for Cyber Security Incident Response Teams

2014 ◽  
Vol 58 (1) ◽  
pp. 427-431 ◽  
Author(s):  
Theodore Reed ◽  
Robert G. Abbott ◽  
Benjamin Anderson ◽  
Kevin Nauer ◽  
Chris Forsythe
Keyword(s):  
Cyber Security ◽  
Incident Response ◽  
Security Incident

scholarly journals Observing Cyber Security Incident Response: Qualitative Themes From Field Research

2019 ◽  
Vol 63 (1) ◽  
pp. 437-441 ◽  
Author(s):  
Megan Nyre-Yu ◽  
Robert S. Gutzwiller ◽  
Barrett S. Caldwell
Keyword(s):  
Computer Security ◽  
Cyber Security ◽  
Field Research ◽  
Future Research ◽  
Incident Response ◽  
Organization Learning ◽  
Security Incident ◽  
Technology Advancement ◽  
Contextual Understanding ◽  
Different Levels

Cyber security increasingly focuses on the challenges faced by network defenders. Cultural and security-driven sentiments about external observation, as well as publication concerns, limit the ability of researchers to understand the context surrounding incident response. Context awareness is crucial to inform design and engineering. Furthermore, these perspectives can be heavily influenced by the targeted sector or industry of the research. Together, a lack of broad contextual understanding may be biasing approaches to improving operations, and driving faulty assumptions in cyber teams. A qualitative field study was conducted in three computer security incident response teams (CSIRTs) and included perspectives of government, academia, and private sector teams. Themes emerged and provide insights across multiple aspects of incident response, including information sharing, organization, learning, and automation. The need to focus on vertical integration of issues at different levels of the incident response system is also discussed. Future research will build upon these results, using them to inform technology advancement in CSIR settings.

Identifying factors of “organizational information security management”

2014 ◽  
Vol 27 (5) ◽  
pp. 644-667 ◽  
Author(s):  
Abhishek Narain Singh ◽  
M.P. Gupta ◽  
Amitabh Ojha
Keyword(s):  
Information Security ◽  
Key Management ◽  
Security Management ◽  
Information Security Management ◽  
Content Type ◽  
Security Challenges ◽  
Organizational Information ◽  
Security Challenge ◽  
Management Factors ◽  
Technical Solutions

Purpose – Despite many technically sophisticated solutions, managing information security has remained a persistent challenge for organizations. Emerging IT/ICT media have posed new security challenges to business information and information assets. It is felt that technical solutions alone are not sufficient to address the information security challenge. It has been argued that organizations also need to consider the management aspects of information security. Consequently, literature, especially in the last decade, has witnessed various scholarly works in this direction. Therefore, a synthesis exercise is required to bring clarity on categorizing the issues of organizational information security management (ISM) to take the research forward. The purpose of this paper is to identify management factors that address organizational information security challenges. Design/methodology/approach – Using a mix method approach, the paper adopts the qualitative (keyword analysis and experts’ opinion) and quantitative (questionnaire survey) research routes. Exploratory factor analysis is conducted to find out the key factors of organizational ISM. Findings – The paper categorizes various organizational ISM functions into ten factors. Spanning across three levels (strategic, tactical and operational), these factors cover various management issues of organizational ISM. Originality/value – The paper takes the ISM literature forward by statistically validating the key management factors of organizational ISM. The study outcome should help to draw the attention of organizations toward the managerial challenges of organizational ISM.

Sign in / Sign up

Export Citation Format

Share Document