BEURAN, Razvan, Jan VYKOPAL, Daniela BELAJOVÁ, Pavel ČELEDA, Yasuo TAN and Yoichi SHINODA. Capability Assessment Methodology and Comparative Analysis of Cybersecurity Training Platforms. Computers & Security. Elsevier, 2023, vol. 128, No 103120, p. 1-14. ISSN 0167-4048. Available from: https://dx.doi.org/10.1016/j.cose.2023.103120.
Other formats:   BibTeX LaTeX RIS
Basic information
Original name Capability Assessment Methodology and Comparative Analysis of Cybersecurity Training Platforms
Authors BEURAN, Razvan, Jan VYKOPAL (203 Czech Republic, guarantor, belonging to the institution), Daniela BELAJOVÁ (703 Slovakia, belonging to the institution), Pavel ČELEDA (203 Czech Republic, belonging to the institution), Yasuo TAN and Yoichi SHINODA.
Edition Computers & Security, Elsevier, 2023, 0167-4048.
Other information
Original language English
Type of outcome Article in a journal
Field of Study 10201 Computer sciences, information science, bioinformatics
Country of publisher Netherlands
Confidentiality degree is not subject to a state or trade secret
WWW Published version on Elsevier ScienceDirect
Impact factor Impact factor: 5.600 in 2022
RIV identification code RIV/00216224:14610/23:00130278
Organization unit Institute of Computer Science
Doi http://dx.doi.org/10.1016/j.cose.2023.103120
UT WoS 000934040600001
Keywords in English capability assessment; comparative analysis; cybersecurity training platforms; cyber range; cybersecurity training exercises
Tags rivok
Tags International impact, Reviewed
Changed by Changed by: doc. Ing. Pavel Čeleda, Ph.D., učo 206086. Changed: 2/2/2024 18:48.
Abstract
Cybersecurity training is a key endeavour for ensuring that the IT workforce possess the knowledge and practical skills required to counter the ever-increasing cybersecurity threats that our society is faced with. While some related systems, such as Capture The Flag platforms, have been available for almost one decade, platforms that support full-fledged cybersecurity training exercises have only been released as open source in recent years. Given the complexity of such cybersecurity training platforms, the question that arises is how to meaningfully evaluate and compare their capabilities in order to identify the most suitable solution for a given type of organization and/or training activity. In this paper, we introduce a capability assessment methodology for cybersecurity training platforms that focuses on the three key aspects of training: content representation, environment management, and training facilitation. The assessment tool that we developed is used to evaluate two open-source cybersecurity training platforms, CyTrONE and KYPO. We then conduct a comparative analysis of these two platforms based on our first-hand developer experience with them, and discuss the lessons learned from implementing, deploying and using these platforms. The assessment tool and the detailed technical comparative analysis that we conducted are intended as instruments and references for anyone who plans to deploy or develop cybersecurity training platforms.
Links
EF16_019/0000822, research and development projectName: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur
MUNI/A/1389/2022, interní kód MUName: Aplikovaný výzkum na FI: Bezpečnost počítačových systémů, softwarových architektur kritických infrastruktur s forenzními aspekty, zpracování dat pokročilých sensorů a algoritmy plánování v dopravě a logistice
Investor: Masaryk University
PrintDisplayed: 17/7/2024 09:30