Enterprise Security Analysis and Training Experience
A holistic approach to security can be introduced by using a model that binds security measures with costs and security metrics. We describe exercises based on the graded security model, and supported by an expert system that are used for training both general managers and security experts. Trainees have to solve a number of problems under conditions that correspond to a realistic critical information infrastructure security planning situation, with the level of details depending on the expertise of trainees.
KeywordsSecurity training Graded security Security model
The authors appreciate the support of the Estonian Academy of Sciences, the target funding project SF0140007s12 of Estonian Ministry of Education and Research, the European Regional Development Fund (ERDF) through Estonian Centre of Excellence in Computer Science (EXCS) project and the project No. 3.2.1201.13-0026 Model-based Java software development technology.
- 1.Estonian Information System Authority: Three-level IT baseline security system ISKE. https://www.ria.ee/iske-en
- 2.German Federal Office for Information Security (BSI): BSI-Standard 100-2 IT Grundschutz Methodology. https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/BSIStandards/standard_100-2_e_pdf.pdf
- 3.Kivimaa, J., Kirt, T.: Evolutionary algorithms for optimal selection of security measures. In: Ottis, R. (ed.) Proceedigs of the 10th European Conferences on Information Warfare and Security, pp. 172–184. Academic Publishers, Reading, UK (2011)Google Scholar
- 5.Kivimaa, J., Ojamaa, A., Tyugu, E.: Managing evolving security situations. In: Unclassified Proceedings of the MILCOM 2009, 18–21 October 2009. IEEE, Piscataway (2009)Google Scholar
- 6.Leidos: CyberNEXS Cyber Security Training. https://www.leidos.com/cybersecurity/solutions/CyberNEXS
- 7.Lobsenz, G.: DOE Adopts New “Graded” Terrorist Protection Policy (2008). http://pogoarchives.org/m/nss/energydaily-20080826.pdf
- 8.Modeling and Simulation Group at IoC: CoCoViLa model-based software development platform. http://www.cs.ioc.ee/cocovila/
- 9.Tallinn University of Technology: Cyber security master’s programme. http://www.ttu.ee/studying/masters/masters_programmes/cyber-security/
- 10.Thompson, M., Irvine, C.: Active learning with the CyberCIEGE video game. In: Proceedings of the 4th Conference on Cyber Security Experimentation and Test, CSET 2011. USENIX Association, Berkeley (2011)Google Scholar
- 11.U.S. DoD, Defense Information Systems Agency: CyberProtect, version 1.1. http://iase.disa.mil/eta/
- 12.U.S. DoE, Office of Information Resources: DOE O 470.3B, Graded Security Protection (GSP) Policy. https://www.directives.doe.gov/directives/0470.3-BOrder-b/view