Capability Assessment Methodology and Comparative Analysis of
Cybersecurity Training Platforms

J 2023

Capability Assessment Methodology and Comparative Analysis of Cybersecurity Training Platforms

BEURAN, Razvan, Jan VYKOPAL, Daniela BELAJOVÁ, Pavel ČELEDA, Yasuo TAN et. al.

Základní údaje

Originální název

Capability Assessment Methodology and Comparative Analysis of Cybersecurity Training Platforms

Autoři

BEURAN, Razvan, Jan VYKOPAL (203 Česká republika, garant, domácí), Daniela BELAJOVÁ (703 Slovensko, domácí), Pavel ČELEDA (203 Česká republika, domácí), Yasuo TAN a Yoichi SHINODA

Vydání

Computers & Security, Elsevier, 2023, 0167-4048

Další údaje

Jazyk

angličtina

Typ výsledku

Článek v odborném periodiku

Obor

10201 Computer sciences, information science, bioinformatics

Stát vydavatele

Nizozemské království

Utajení

není předmětem státního či obchodního tajemství

Odkazy

Published version on Elsevier ScienceDirect

Impakt faktor

Impact factor: 5.600 v roce 2022

Kód RIV

RIV/00216224:14610/23:00130278

Organizační jednotka

Ústav výpočetní techniky

DOI

http://dx.doi.org/10.1016/j.cose.2023.103120

UT WoS

000934040600001

Klíčová slova anglicky

capability assessment; comparative analysis; cybersecurity training platforms; cyber range; cybersecurity training exercises

Štítky

rivok

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 2. 2. 2024 18:48, doc. Ing. Pavel Čeleda, Ph.D.

Anotace

V originále

Cybersecurity training is a key endeavour for ensuring that the IT workforce possess the knowledge and practical skills required to counter the ever-increasing cybersecurity threats that our society is faced with. While some related systems, such as Capture The Flag platforms, have been available for almost one decade, platforms that support full-fledged cybersecurity training exercises have only been released as open source in recent years. Given the complexity of such cybersecurity training platforms, the question that arises is how to meaningfully evaluate and compare their capabilities in order to identify the most suitable solution for a given type of organization and/or training activity. In this paper, we introduce a capability assessment methodology for cybersecurity training platforms that focuses on the three key aspects of training: content representation, environment management, and training facilitation. The assessment tool that we developed is used to evaluate two open-source cybersecurity training platforms, CyTrONE and KYPO. We then conduct a comparative analysis of these two platforms based on our first-hand developer experience with them, and discuss the lessons learned from implementing, deploying and using these platforms. The assessment tool and the detailed technical comparative analysis that we conducted are intended as instruments and references for anyone who plans to deploy or develop cybersecurity training platforms.

Návaznosti

EF16_019/0000822, projekt VaV

Název: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur

MUNI/A/1389/2022, interní kód MU

Název: Aplikovaný výzkum na FI: Bezpečnost počítačových systémů, softwarových architektur kritických infrastruktur s forenzními aspekty, zpracování dat pokročilých sensorů a algoritmy plánování v dopravě a logistice

Investor: Masarykova univerzita, Aplikovaný výzkum na FI: Bezpečnost počítačových systémů, softwarových architektur kritických infrastruktur s forenzními aspekty, zpracování dat pokročilých sensorů a algoritmy plánování v dopravě a logistice

Citovat

BEURAN, Razvan, Jan VYKOPAL, Daniela BELAJOVÁ, Pavel ČELEDA, Yasuo TAN a Yoichi SHINODA. Capability Assessment Methodology and Comparative Analysis of Cybersecurity Training Platforms. Computers & Security. Elsevier, 2023, roč. 128, č. 103120, s. 1-14. ISSN 0167-4048. Dostupné z: https://dx.doi.org/10.1016/j.cose.2023.103120.

@article{2252358,
   author = {Beuran, Razvan and Vykopal, Jan and Belajová, Daniela and Čeleda, Pavel and Tan, Yasuo and Shinoda, Yoichi},
   article_number = {103120},
   doi = {http://dx.doi.org/10.1016/j.cose.2023.103120},
   keywords = {capability assessment; comparative analysis; cybersecurity training platforms; cyber range; cybersecurity training exercises},
   language = {eng},
   issn = {0167-4048},
   journal = {Computers & Security},
   title = {Capability Assessment Methodology and Comparative Analysis of Cybersecurity Training Platforms},
   url = {https://www.sciencedirect.com/science/article/pii/S0167404823000305},
   volume = {128},
   year = {2023}
}

TY  - JOUR
ID  - 2252358
AU  - Beuran, Razvan - Vykopal, Jan - Belajová, Daniela - Čeleda, Pavel - Tan, Yasuo - Shinoda, Yoichi
PY  - 2023
TI  - Capability Assessment Methodology and Comparative Analysis of Cybersecurity Training Platforms
JF  - Computers & Security
VL  - 128
IS  - 103120
SP  - 1-14
EP  - 1-14
PB  - Elsevier
SN  - 01674048
KW  - capability assessment
KW  - comparative analysis
KW  - cybersecurity training platforms
KW  - cyber range
KW  - cybersecurity training exercises
UR  - https://www.sciencedirect.com/science/article/pii/S0167404823000305
N2  - Cybersecurity training is a key endeavour for ensuring that the IT workforce possess the knowledge and practical skills required to counter the ever-increasing cybersecurity threats that our society is faced with. While some related systems, such as Capture The Flag platforms, have been available for almost one decade, platforms that support full-fledged cybersecurity training exercises have only been released as open source in recent years. Given the complexity of such cybersecurity training platforms, the question that arises is how to meaningfully evaluate and compare their capabilities in order to identify the most suitable solution for a given type of organization and/or training activity. In this paper, we introduce a capability assessment methodology for cybersecurity training platforms that focuses on the three key aspects of training: content representation, environment management, and training facilitation. The assessment tool that we developed is used to evaluate two open-source cybersecurity training platforms, CyTrONE and KYPO. We then conduct a comparative analysis of these two platforms based on our first-hand developer experience with them, and discuss the lessons learned from implementing, deploying and using these platforms. The assessment tool and the detailed technical comparative analysis that we conducted are intended as instruments and references for anyone who plans to deploy or develop cybersecurity training platforms.
ER  -

BEURAN, Razvan, Jan VYKOPAL, Daniela BELAJOVÁ, Pavel ČELEDA, Yasuo TAN a Yoichi SHINODA. Capability Assessment Methodology and Comparative Analysis of Cybersecurity Training Platforms. \textit{Computers \&{} Security}. Elsevier, 2023, roč.~128, č.~103120, s.~1-14. ISSN~0167-4048. Dostupné z: https://dx.doi.org/10.1016/j.cose.2023.103120.

Podrobný výpis o publikaci