Timely Feedback in Unstructured Cybersecurity Exercises

D 2018

Timely Feedback in Unstructured Cybersecurity Exercises

VYKOPAL, Jan, Radek OŠLEJŠEK, Karolína BURSKÁ and Kristína ZÁKOPČANOVÁ

Basic information

Original name

Timely Feedback in Unstructured Cybersecurity Exercises

Authors

VYKOPAL, Jan (203 Czech Republic, guarantor, belonging to the institution), Radek OŠLEJŠEK (203 Czech Republic, belonging to the institution), Karolína BURSKÁ (203 Czech Republic, belonging to the institution) and Kristína ZÁKOPČANOVÁ (203 Czech Republic, belonging to the institution)

Edition

New York, NY, USA, Proceedings of Special Interest Group on Computer Science Education, Baltimore, Maryland, USA, February 21–24, 2018(SIGCSE’18), p. 173-178, 6 pp. 2018

Publisher

ACM

Other information

Language

English

Type of outcome

Proceedings paper

Field of Study

10201 Computer sciences, information science, bioinformatics

Country of publisher

United States of America

Confidentiality degree

is not subject to a state or trade secret

Publication form

electronic version available online

References:

URL

RIV identification code

RIV/00216224:14610/18:00102073

Organization unit

Institute of Computer Science

ISBN

978-1-4503-5103-4

DOI

http://dx.doi.org/10.1145/3159450.3159561

UT WoS

000481890100034

Keywords in English

timely feedback; personalized feedback; cybersecurity; exercise; active learning; professional learners

Abstract

V originále

Cyber defence exercises are intensive, hands-on learning events for teams of professionals who gain or develop their skills to successfully prevent and respond to cyber attacks. The exercises mimic the real-life, routine operation of an organization which is being attacked by an unknown offender. Teams of learners receive very limited immediate feedback from the instructors during the exercise; they can usually see only a scoreboard showing the aggregated gain or loss of points for particular tasks. An in-depth analysis of learners' actions requires considerable human effort, which results in days or weeks of delay. The intensive experience is thus not followed by proper feedback facilitating actual learning, and this diminishes the effect of the exercise. In this initial work, we investigate how to provide valuable feedback to learners right after the exercise without any unnecessary delay. Based on the scoring system of a cyber defence exercise, we have developed a new feedback tool that presents an interactive, personalized timeline of exercise events. We deployed this tool during an international exercise, where we monitored participants' interactions and gathered their reflections. The results show that learners did use the new tool and rated it positively. Since this new feature is not bound to a particular defence exercise, it can be applied to all exercises that employ scoring based on the evaluation of individual exercise objectives. As a result, it enables the learner to immediately reflect on the experience gained.

Links

MUNI/A/1038/2017, interní kód MU

Name: Zapojení studentů Fakulty informatiky do mezinárodní vědecké komunity 18

Investor: Masaryk University, Category A

VI20162019014, research and development project

Name: Simulace, detekce a potlačení kybernetických hrozeb ohrožujících kritickou infrastrukturu (Acronym: KYPO II)

Investor: Ministry of the Interior of the CR, Simulation, Detection, and Mitigation of Cyber Threats Endangering Critical Infrastructure

Files attached

2018-SIGCSE-timely-feedback-unstructured-cybersecurity-exercises-presentation.pdf

2018-SIGCSE-timely-feedback-unstructured-cybersecurity-exercises-paper.pdf

Citovat

VYKOPAL, Jan, Radek OŠLEJŠEK, Karolína BURSKÁ and Kristína ZÁKOPČANOVÁ. Timely Feedback in Unstructured Cybersecurity Exercises. Online. In Proceedings of Special Interest Group on Computer Science Education, Baltimore, Maryland, USA, February 21–24, 2018(SIGCSE’18). New York, NY, USA: ACM, 2018, p. 173-178. ISBN 978-1-4503-5103-4. Available from: https://dx.doi.org/10.1145/3159450.3159561.

@inproceedings{1391679,
   author = {Vykopal, Jan and Ošlejšek, Radek and Burská, Karolína and Zákopčanová, Kristína},
   address = {New York, NY, USA},
   booktitle = {Proceedings of Special Interest Group on Computer Science Education, Baltimore, Maryland, USA, February 21–24, 2018(SIGCSE’18)},
   doi = {http://dx.doi.org/10.1145/3159450.3159561},
   keywords = {timely feedback; personalized feedback; cybersecurity; exercise; active learning; professional learners},
   howpublished = {elektronická verze "online"},
   language = {eng},
   location = {New York, NY, USA},
   isbn = {978-1-4503-5103-4},
   pages = {173-178},
   publisher = {ACM},
   title = {Timely Feedback in Unstructured Cybersecurity Exercises},
   url = {https://dl.acm.org/citation.cfm?doid=3159450.3159561},
   year = {2018}
}

TY  - CONF
ID  - 1391679
AU  - Vykopal, Jan - Ošlejšek, Radek - Burská, Karolína - Zákopčanová, Kristína
PY  - 2018
TI  - Timely Feedback in Unstructured Cybersecurity Exercises
PB  - ACM
CY  - New York, NY, USA
SN  - 9781450351034
KW  - timely feedback
KW  - personalized feedback
KW  - cybersecurity
KW  - exercise
KW  - active learning
KW  - professional learners
UR  - https://dl.acm.org/citation.cfm?doid=3159450.3159561
L2  - https://dl.acm.org/citation.cfm?doid=3159450.3159561
N2  - Cyber defence exercises are intensive, hands-on learning events for teams of professionals who gain or develop their skills to successfully prevent and respond to cyber attacks. The exercises mimic the real-life, routine operation of an organization which is being attacked by an unknown offender. Teams of learners receive very limited immediate feedback from the instructors during the exercise; they can usually see only a scoreboard showing the aggregated gain or loss of points for particular tasks. An in-depth analysis of learners' actions requires considerable human effort, which results in days or weeks of delay. The intensive experience is thus not followed by proper feedback facilitating actual learning, and this diminishes the effect of the exercise. In this initial work, we investigate how to provide valuable feedback to learners right after the exercise without any unnecessary delay. Based on the scoring system of a cyber defence exercise, we have developed a new feedback tool that presents an interactive, personalized timeline of exercise events. We deployed this tool during an international exercise, where we monitored participants' interactions and gathered their reflections. The results show that learners did use the new tool and rated it positively. Since this new feature is not bound to a particular defence exercise, it can be applied to all exercises that employ scoring based on the evaluation of individual exercise objectives. As a result, it enables the learner to immediately reflect on the experience gained.
ER  -

VYKOPAL, Jan, Radek OŠLEJŠEK, Karolína BURSKÁ and Kristína ZÁKOPČANOVÁ. Timely Feedback in Unstructured Cybersecurity Exercises. Online. In \textit{Proceedings of Special Interest Group on Computer Science Education, Baltimore, Maryland, USA, February 21–24, 2018(SIGCSE’18)}. New York, NY, USA: ACM, 2018, p.~173-178. ISBN~978-1-4503-5103-4. Available from: https://dx.doi.org/10.1145/3159450.3159561.

Přehled o publikaci