Presentation is loading. Please wait.

Presentation is loading. Please wait.

CyberCIEGE: An Interactive Tool for Information Assurance Training and Education Presented to FISSEA 22-23 March 2005, North Bethesda, MD Dr. Cynthia Irvine.

Published byPamela Wiggins Modified over 9 years ago

Similar presentations

Presentation on theme: "CyberCIEGE: An Interactive Tool for Information Assurance Training and Education Presented to FISSEA 22-23 March 2005, North Bethesda, MD Dr. Cynthia Irvine."— Presentation transcript:

1 CyberCIEGE: An Interactive Tool for Information Assurance Training and Education Presented to FISSEA 22-23 March 2005, North Bethesda, MD Dr. Cynthia Irvine Naval Postgraduate School

2 22-23 March 2005 2 CyberCIEGE Team Naval Postgraduate School – Cynthia Irvine – Michael Thompson – Albert Wong – Matthew Rose – Naomi Falby – Students Klaus Fielk Ken Johns Rob Lamore Justin Lamoire Marc Meyer Tait Leng Teo Rivermind – Ken Allen – Bill Chinn – Scott Gallardo – Brian Morgan Sponsors – US Navy NETC ONR – OSD

3 22-23 March 2005 3 CyberCIEGE Solution Teaching tool that engages the imagination Virtual world shows consequences of security choices Student responsible for organization IT – Keep organization virtual users happy Purchase hardware and software components Design networks Configure components Manage IT staff Ensure physical security Require background checks for certain information access Provide IA training Ensure that security does not get in the way of productivity – Protect organization information assets from cyber threats Greater asset value  greater attacker motivation

4 22-23 March 2005 4 Motivation Information Assurance is implicit in everyone’s job – Personnel need to understand their important role in IA – Administrators must know security impact of choices – Managers must understand how IT infrastructure can support (or detract) from security policy enforcement – Certifiers must appreciate big-picture security Problem: – Training and Awareness can be boring – Good security practice is not “automatic” Should be like washing hands and using seat belts – Many security measures combine for overall security Complexity is hard to convey and hard to internalize

5 22-23 March 2005 5 Elements of CyberCIEGE Simulation Engine – All security policies & wide variety of security mechanisms – Graphics easily added Scenario Definition Language – Describes how Simulation Engine runs – Rich semantics – Triggers for “plot twists” and to log student progress Scenario Definition Tool – Supports scenario creation using a GUI Encyclopedia – How to use the game, security facts, why you lost Movies – Supplements encyclopedia

6 22-23 March 2005 6 Scenario Definition Tool

7 22-23 March 2005 7 CyberCIEGE Use Student presented with objectives Scenario includes – Physical setting – Virtual users, each with work goals Also have happiness factors – Enterprise assets, each with two values Value to enterprise Value to attackers Student must meet objective – Secure physical environment – Keep users happy and productive – Apply enough security to keep attackers away But do not interfer with user productivity! Complex scenarios may have phases Logs record student success or failure

8 22-23 March 2005 8 CyberCIEGE Screen

9 22-23 March 2005 9 Example: DoD Directive 8570.1 Create Scenario(s) to depict your organization – Can be run in stages – Emphasize security policy and procedures key for your organization – Logs show student progress and success – Scenarios for different user populations Awareness for typical users Training for key personnel – CyberCIEGE does not replace specific HW/SW training Education, Training and Awareness – Supplement existing classes – Create new scenarios for classes Example: Certifier Case Study Scenarios

10 22-23 March 2005 10 Meeting Mandates for IA ETA Mandates for IA Education, Training & Awareness More ETA requirements Resources for achieving goals limited How can you ensure that – All personnel have annual IA awareness training? – Personnel put training into daily practice? – Make system administrators &certifiers aware of complex issues? Interdependencies Impact on organizational productivity CyberCIEGE is fun – Contains hooks for student assessment – Can be tailored to your organization

11 22-23 March 2005 11 CyberCIEGE Opportunities Tailor CyberCIEGE for your organization – Example: Medical/Health Create artwork for clinic or hospital Develop scenarios for HIPPA and health-specific topics Develop tools for automated student assessment Develop tools for progressive scenarios CyberCIEGE website for sharing Advanced versions of CyberCIEGE – Wireless Mobile ad hoc presents changing topology and devices – Multiplayer Students attack others and defend their organization Want something big? Combine forces! NPS and Rivermind Seeking Partners

12 22-23 March 2005 12 More Information Available to US Government at no cost – Sim. Engine, Current Scenarios, SDT, Encyclopedia, Movies Non-government availability – Contact Rivermind for a pre-release license – First Rivermind commercial release: April 2005 CyberCIEGE Website http://cisr.nps.navy.mil/cyberciege.html CyberCIEGE Email cyberciege@nps.edu Naval Postgraduate School – Cynthia Irvine irvine@nps.edu Rivermind, Inc – Ken Allen kallen@rivermind.com

Download ppt "CyberCIEGE: An Interactive Tool for Information Assurance Training and Education Presented to FISSEA 22-23 March 2005, North Bethesda, MD Dr. Cynthia Irvine."

Similar presentations

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
A centre of expertise in digital information managementwww.ukoln.ac.uk Approaches To E-Learning: Developing An E-Learning Strategy Brian Kelly UKOLN University.

A centre of expertise in digital information managementwww.ukoln.ac.uk Approaches To E-Learning: Developing An E-Learning Strategy Brian Kelly UKOLN University.
CONFIDENTIAL: Presented under NDA, do not redistribute EDU Windows EDU Proof of Concept (POC) Program Program Overview for Schools Partner Name Partner.

CONFIDENTIAL: Presented under NDA, do not redistribute EDU Windows EDU Proof of Concept (POC) Program Program Overview for Schools Partner Name Partner.
Computing Studies Is it for me? Click here to find out…

Computing Studies Is it for me? Click here to find out…
Page 2 Agenda Page 3 History –Blue Print, 2000 –GIS Process 1.2, 2001 (training only) –GIS Process 2.0, 2003-4 (ITIL based - not implemented) –Supply/Demand.

Page 2 Agenda Page 3 History –Blue Print, 2000 –GIS Process 1.2, 2001 (training only) –GIS Process 2.0, (ITIL based - not implemented) –Supply/Demand.
Www.QinetiQ-NA.com © QinetiQ North America, Inc. 2010 QinetiQ North America, Inc. 1 Implementing an Enterprise Security Framework – Safeguarding Your Most.

© QinetiQ North America, Inc QinetiQ North America, Inc. 1 Implementing an Enterprise Security Framework – Safeguarding Your Most.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.

A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.
Summer 200811 IAVA1 NATIONAL INFORMATION ASSURANCE TRAINING STANDARD FOR SYSTEM ADMINISTRATORS (SA) Minimum.

Summer IAVA1 NATIONAL INFORMATION ASSURANCE TRAINING STANDARD FOR SYSTEM ADMINISTRATORS (SA) Minimum.
Trusted Hardware: Can it be Trustworthy? Design Automation Conference 5 June 2007 Karl Levitt National Science Foundation Cynthia E. Irvine Naval Postgraduate.

Trusted Hardware: Can it be Trustworthy? Design Automation Conference 5 June 2007 Karl Levitt National Science Foundation Cynthia E. Irvine Naval Postgraduate.
S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,

S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,
R R R CSE870: Advanced Software Engineering (Cheng): Intro to Software Engineering1 Advanced Software Engineering Dr. Cheng Overview of Software Engineering.

R R R CSE870: Advanced Software Engineering (Cheng): Intro to Software Engineering1 Advanced Software Engineering Dr. Cheng Overview of Software Engineering.
Network Access Management Trends in IT Applications for Management Prepared by: Ahmed Ibrahim S09761197.

Network Access Management Trends in IT Applications for Management Prepared by: Ahmed Ibrahim S
Overview 4Core Technology Group, Inc. is a woman/ veteran owned full-service IT and Cyber Security firm based in Historic Petersburg, Virginia. Founded.

Overview 4Core Technology Group, Inc. is a woman/ veteran owned full-service IT and Cyber Security firm based in Historic Petersburg, Virginia. Founded.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Graduate Programs in Computer Science Design of cyber security awareness game utilizing a social media framework WA Labuschagne.

Graduate Programs in Computer Science Design of cyber security awareness game utilizing a social media framework WA Labuschagne.
Annual SERC Research Review - Student Presentation, October 5-6, 2011 1 Extending Model Based System Engineering to Utilize 3D Virtual Environments Peter.

Annual SERC Research Review - Student Presentation, October 5-6, Extending Model Based System Engineering to Utilize 3D Virtual Environments Peter.
November 2009 Network Disaster Recovery October 2014.

November 2009 Network Disaster Recovery October 2014.
Www.skyboxsecurity.com Skybox® Security Solutions for Symantec CCS Comprehensive IT Governance Risk and Access Compliance Management Skybox Security's.

Skybox® Security Solutions for Symantec CCS Comprehensive IT Governance Risk and Access Compliance Management Skybox Security's.
Chapter 4 Computer Software.

Chapter 4 Computer Software.

Similar presentations

Ads by Google