Introducing and Interfacing with Cybersecurity -- A Cards Approach

• URL: http://arxiv.org/abs/2307.16535v1
• Date: Mon, 31 Jul 2023 10:01:42 GMT
• Title: Introducing and Interfacing with Cybersecurity -- A Cards Approach
• Authors: Ryan Shah, Manuel Maarek, Shenando Stals, Lynne Baillie, Sheung Chi Chan, Robert Stewart, Hans-Wolfgang Loidl, Olga Chatzifoti
• Abstract summary: The National Cyber Security Centre published a Cybersecurity Body of Knowledge (CyBOK) CyBOK contains over 1000 pages of in-depth material and may not be easy to navigate for novice individuals. We propose the use of a playing cards format to provide introductory cybersecurity knowledge.
• Score: 5.269622526990732
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Cybersecurity is an important topic which is often viewed as one that is inaccessible due to steep learning curves and a perceived requirement of needing specialist knowledge. With a constantly changing threat landscape, practical solutions such as best-practices are employed, but the number of critical cybersecurity-related incidents remains high. To address these concerns, the National Cyber Security Centre published a Cybersecurity Body of Knowledge (CyBOK) to provide a comprehensive information base used to advise and underpin cybersecurity learning. Unfortunately, CyBOK contains over 1000 pages of in-depth material and may not be easy to navigate for novice individuals. Furthermore, it does not allow for easy expression of various cybersecurity scenarios that such individuals may be exposed to. As a solution to these two issues, we propose the use of a playing cards format to provide introductory cybersecurity knowledge that supports learning and discussion, using CyBOK as the foundation for the technical content. Upon evaluation in two user studies, we found that 80% of the participants agreed the cards provided them with introductory knowledge of cybersecurity topics, and 70% agreed the cards provided an interface for discussing topics and enabled them to make links between attacks, vulnerabilities and defences.

Related papers

• knowCC: Knowledge, awareness of computer & cyber ethics between CS/non-CS university students [0.0]
  This research focuses on the relations between cybersecurity awareness, cyber knowledge, computer ethics, cyber ethics, and cyber behavior. The findings express that while internet users are alert of cyber threats, they only take the most elementary and easy-to-implement precautions.
  arXiv  Detail & Related papers  (2023-10-19T12:29:26Z)
• Want to Raise Cybersecurity Awareness? Start with Future IT Professionals [0.4893345190925178]
  Our university designed an innovative cybersecurity awareness course that is freely available online for students, employees, and the general public. The course offers simple, actionable steps that anyone can use to implement defensive countermeasures. To measure the course impact, we administered it to 138 computer science undergraduates within a compulsory information security and cryptography course.
  arXiv  Detail & Related papers  (2023-07-14T20:07:27Z)
• Adversarial Machine Learning and Cybersecurity: Risks, Challenges, and Legal Implications [0.4665186371356556]
  In July 2022, the Center for Security and Emerging Technology at Georgetown University and the Program on Geopolitics, Technology, and Governance at the Stanford Cyber Policy Center convened a workshop of experts to examine the relationship between vulnerabilities in artificial intelligence systems and more traditional types of software vulnerabilities. Topics discussed included the extent to which AI vulnerabilities can be handled under standard cybersecurity processes, the barriers currently preventing the accurate sharing of information about AI vulnerabilities, legal issues associated with adversarial attacks on AI systems, and potential areas where government support could improve AI vulnerability management and mitigation.
  arXiv  Detail & Related papers  (2023-05-23T22:27:53Z)
• Graph Mining for Cybersecurity: A Survey [61.505995908021525]
  The explosive growth of cyber attacks nowadays, such as malware, spam, and intrusions, caused severe consequences on society. Traditional Machine Learning (ML) based methods are extensively used in detecting cyber threats, but they hardly model the correlations between real-world cyber entities. With the proliferation of graph mining techniques, many researchers investigated these techniques for capturing correlations between cyber entities and achieving high performance.
  arXiv  Detail & Related papers  (2023-04-02T08:43:03Z)
• Towards Automated Classification of Attackers' TTPs by combining NLP with ML Techniques [77.34726150561087]
  We evaluate and compare different Natural Language Processing (NLP) and machine learning techniques used for security information extraction in research. Based on our investigations we propose a data processing pipeline that automatically classifies unstructured text according to attackers' tactics and techniques.
  arXiv  Detail & Related papers  (2022-07-18T09:59:21Z)
• Proceedings of the Artificial Intelligence for Cyber Security (AICS) Workshop at AAAI 2022 [55.573187938617636]
  The workshop will focus on the application of AI to problems in cyber security. Cyber systems generate large volumes of data, utilizing this effectively is beyond human capabilities.
  arXiv  Detail & Related papers  (2022-02-28T18:27:41Z)
• A System for Automated Open-Source Threat Intelligence Gathering and Management [53.65687495231605]
  SecurityKG is a system for automated OSCTI gathering and management. It uses a combination of AI and NLP techniques to extract high-fidelity knowledge about threat behaviors.
  arXiv  Detail & Related papers  (2021-01-19T18:31:35Z)
• Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
  Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance. We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems. We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
  arXiv  Detail & Related papers  (2020-10-19T13:09:31Z)
• Automating the Communication of Cybersecurity Knowledge: Multi-Case Study [1.138723572165938]
  This paper explores an alternative do-it-yourself (DIY) approach to bringing cybersecurity to small businesses. Our method implements the Self-Determination Theory (SDT) guide and motivate to adopt good cybersecurity practices. The results of this study indicate that automated counselling can help many SMB in security adoption.
  arXiv  Detail & Related papers  (2020-07-15T10:30:20Z)
• Adversarial Machine Learning Attacks and Defense Methods in the Cyber Security Domain [58.30296637276011]
  This paper summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques. It is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain.
  arXiv  Detail & Related papers  (2020-07-05T18:22:40Z)
• Experiences and Lessons Learned Creating and Validating Concept Inventories for Cybersecurity [0.0]
  Cybersecurity Concept Inventory (CCI) is for students who have recently completed any first course in cybersecurity. The Cybersecurity Curriculum Assessment (CCA) is for students who have recently completed an undergraduate major or track in cybersecurity. Each assessment tool comprises 25 multiple-choice questions (MCQs) of various difficulties that target the same five core concepts.
  arXiv  Detail & Related papers  (2020-04-10T22:40:04Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.