Abstract
Cyber security is always a main concern for critical infrastructures and nation-wide safety and sustainability. Thus, advanced cyber ranges and security training is becoming imperative for the involved organizations. This paper presets a cyber security training platform, called THREAT-ARREST. The various platform modules can analyze an organization’s system, identify the most critical threats, and tailor a training program to its personnel needs. Then, different training programmes are created based on the trainee types (i.e. administrator, simple operator, etc.), providing several teaching procedures and accomplishing diverse learning goals. One of the main novelties of THREAT-ARREST is the modelling of these programmes along with the runtime monitoring, management, and evaluation operations. The platform is generic. Nevertheless, its applicability in a smart energy case study is detailed.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Intel: A guide to the Internet of Things. Intel (2015). https://www-ssl.intel.com/content/www/us/en/internet-of-things/infographics/guide-to-iot.html
Storm, D.: Hackers allegedly attack polish LOT airline, 10 flights and over 1,400 people grounded. Computer World (2015). https://www.computerworld.com/article/2938485/hackers-allegedly-attack-polish-lot-airline-10-flights-and-over-1-400-people-grounded.html. article 2938485
Khandelwal, S.: United airlines hacked by sophisticated hacking group. The Hacker News (2015). https://thehackernews.com/2015/07/united-airlines-hacked.html
Hirschfeld, J.D.: Hacking of government computers exposed 21.5 million people. New York Times 9 (2015). https://www.nytimes.com/2015/07/10/us/office-of-personnel-management-hackers-got-data-of-millions.html
Newcomb, A.: Anthem hack may have impacted millions of non-customers as well. ABC News (2015). https://abcnews.go.com/Technology/anthem-hack-impacted-millions-customers/story?id=29212840
Al-Ghamdi, A.S.A.-M.: A survey on software security testing techniques. Int. J. Comput. Sci. Telecommun. 4(4), 14–18 (2013)
Salas, M.I.P., Martins, E.: Security testing methodologies for vulnerabilities detection of XSS in web services and WS-security. Electron. Notes Theor. Comput. Sci. 302, 133–154 (2014)
Hatzivasilis, G., et al.: AmbISPDM. Appl. Intell. 48(6), 1623–1643 (2017)
Santa, I.: A users’ guide: how to raise information security awareness. ENISA Rep. 1–140 (2010)
Manifavas, C., Fysarakis, K., Rantos, K., Hatzivasilis, G.: DSAPE – dynamic security awareness program evaluation. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2014. LNCS, vol. 8533, pp. 258–269. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07620-1_23
Bird, J., Kim, F.: Survey on application security programs and practices. SANS Anal. Surv. 1–24 (2014)
Trustwave: Security testing practices and priorities. An Osterman Res. Surv. Rep. 1–15 (2016)
Hatzivasilis, G., et al.: WARDOG: Awareness detection watchdog for Botnet infection on the host device. IEEE Trans. Sustain. Comput. Spec. Issue Sustain. Inf. Forensic Comput. 1–18 (2019)
Hatzivasilis, G., Fysarakis, K., Askoxylakis, I., Bilanakos, A.: CloudNet anti-malware engine: GPU-accelerated network monitoring for cloud services. In: Fournaris, A.P., Lampropoulos, K., MarĂn Tordera, E. (eds.) IOSec 2018. LNCS, vol. 11398, pp. 122–133. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-12085-6_11
Hatzivasilis, G.: Password-hashing status. Cryptography 1(2), 1–31 (2017). MDPI Open Access Journal, number 10
Shillair, R., et al.: Online safety begins with you and me: convincing Internet users to protect themselves. Comput. Hum. Behav. 48, 199–207 (2015)
Safa, N.S., Rossouw, V.S.: An information security knowledge sharing model in organizations. Comput. Hum. Behav. 57, 442–451 (2016)
Beckers, K., Pape, S., Fries, V.: HATCH: hack and trick capricious humans – a serious game on social engineering. In: HCI Conference Fusion, Bournemouth, UK, pp. 1–3 (2016)
Boopathi, K., Sreejith, S., Bithin, A.: Learning cyber security through gamification. Indian J. Sci. Technol. 8(7), 642–649 (2015)
Schreuders, Z.C., Butterfield, E.: Gamification for teaching and learning computer security in higher education. In: ASE, USENIX, Austin, TX, USA, pp. 1–8 (2016)
SANS: Online cyber security training. https://www.sans.org/online-security-training/
CYBERINTERNACADEMY: Complete cybersecurity course review on CYBERINERNACADEMY. https://www.cyberinternacademy.com/complete-cybersecurity-course-guide-review/
StationX: Online cyber security & hacking courses. https://www.stationx.net/
Cybrary: Develop security skills. https://www.cybrary.it/
AwareGO: Security awareness training. https://www.awarego.com/
BeOne Development: Security awareness training. https://www.beonedevelopment.com/en/security-awareness/
ISACA: CyberSecurity Nexus (CSX) training platform. https://cybersecurity.isaca.org/csx-certifications/csx-training-platform
Kaspersky: Kaspersky security awareness. https://www.kaspersky.com/enterprise-security/security-awareness
CyberBit: Cyber security training platform. https://www.cyberbit.com/blog/security-training/cyber-security-training-platform/
Bundesamt fĂĽr Sicherheit in der Informationstechnik (BSI)/Federal Office for Information Security, Germany. Protection Profile for the Security Module of a Smart Meter Gateway (Security Module PP) (2013)
Katopodis, S., Spanoudakis, G., Mahbub, K.: Towards hybrid cloud service certification models. In: International Conference on Services Computing, pp. 394–399 (June 2014)
Hatzivasilis, G., Papaefstathiou, I., Manifavas, C.: Software security, privacy and dependability: metrics and measurement. IEEE Softw. 33(4), 46–54 (2016)
Cichonski, P., et al.: Computer security incident handling guide. NIST Spec. Publ. 800(61), 1–79 (2012)
Acknowledgements
This work has received funding from the European Unions Horizon 2020 research and innovation programme under grant agreements No. 769066 (RESIST) and No. 786890 (THREAT-ARREST).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Soultatos, O. et al. (2020). The THREAT-ARREST Cyber-Security Training Platform. In: Fournaris, A., et al. Computer Security. IOSEC MSTEC FINSEC 2019 2019 2019. Lecture Notes in Computer Science(), vol 11981. Springer, Cham. https://doi.org/10.1007/978-3-030-42051-2_14
Download citation
DOI: https://doi.org/10.1007/978-3-030-42051-2_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-42050-5
Online ISBN: 978-3-030-42051-2
eBook Packages: Computer ScienceComputer Science (R0)