Enterprise Security Analysis and Training Experience
- First Online:
- Cite this paper as:
- Ojamaa A., Tyugu E. (2016) Enterprise Security Analysis and Training Experience. In: Panayiotou C., Ellinas G., Kyriakides E., Polycarpou M. (eds) Critical Information Infrastructures Security. CRITIS 2014. Lecture Notes in Computer Science, vol 8985. Springer, Cham
A holistic approach to security can be introduced by using a model that binds security measures with costs and security metrics. We describe exercises based on the graded security model, and supported by an expert system that are used for training both general managers and security experts. Trainees have to solve a number of problems under conditions that correspond to a realistic critical information infrastructure security planning situation, with the level of details depending on the expertise of trainees.