Related papers: Bridging Cybersecurity Practice and Law: a Hands-on, Scenario-Based Curriculum Using the NICE Framework to Foster Skill Development

Bridging Cybersecurity Practice and Law: a Hands-on, Scenario-Based Curriculum Using the NICE Framework to Foster Skill Development

URL: http://arxiv.org/abs/2509.17263v1
Date: Sun, 21 Sep 2025 22:36:30 GMT
Title: Bridging Cybersecurity Practice and Law: a Hands-on, Scenario-Based Curriculum Using the NICE Framework to Foster Skill Development
Authors: Colman McGuan, Aadithyan V. Raghavan, Komala M. Mandapati, Chansu Yu, Brian E. Ray, Debbie K. Jackson, Sathish Kumar,
Abstract summary: This paper identifies the most frequent attack vectors for small-medium businesses (SMBs)<n>It proposes a practical model of both technical and non-technical tasks, knowledge, skills, abilities (TKSA) from the NICE Framework for those attacks.<n>By immersing learners in realistic cyber threat scenarios, their practical understanding and preparedness in responding cybersecurity incidents is enhanced.
Score: 0.2555114504478013
License: http://creativecommons.org/licenses/by/4.0/
Abstract: In an increasingly interconnected world, cybersecurity professionals play a pivotal role in safeguarding organizations from cyber threats. To secure their cyberspace, organizations are forced to adopt a cybersecurity framework such as the NIST National Initiative for Cybersecurity Education Workforce Framework for Cybersecurity (NICE Framework). Although these frameworks are a good starting point for businesses and offer critical information to identify, prevent, and respond to cyber incidents, they can be difficult to navigate and implement, particularly for small-medium businesses (SMB). To help overcome this issue, this paper identifies the most frequent attack vectors to SMBs (Objective 1) and proposes a practical model of both technical and non-technical tasks, knowledge, skills, abilities (TKSA) from the NICE Framework for those attacks (Objective 2). The research develops a scenario-based curriculum. By immersing learners in realistic cyber threat scenarios, their practical understanding and preparedness in responding to cybersecurity incidents is enhanced (Objective 3). Finally, this work integrates practical experience and real-life skill development into the curriculum (Objective 4). SMBs can use the model as a guide to evaluate, equip their existing workforce, or assist in hiring new employees. In addition, educational institutions can use the model to develop scenario-based learning modules to adequately equip the emerging cybersecurity workforce for SMBs. Trainees will have the opportunity to practice both technical and legal issues in a simulated environment, thereby strengthening their ability to identify, mitigate, and respond to cyber threats effectively.

Related papers

CurricuLLM: Designing Personalized and Workforce-Aligned Cybersecurity Curricula Using Fine-Tuned LLMs [0.0]
CurricuLLM is a framework for automated design and analysis of cybersecurity curricula.<n>Our approach provides three key contributions: (1) automation of personalized curriculum design, (2) a data-driven pipeline aligned with industry demands, and (3) a comprehensive methodology for leveraging fine-tuned LLMs in curriculum development.
arXiv Detail & Related papers (2026-01-08T13:43:15Z)
PACEbench: A Framework for Evaluating Practical AI Cyber-Exploitation Capabilities [42.61805002268063]
We introduce PACEbench, a practical AI cyber-exploitation benchmark.<n>PACEbench comprises four scenarios spanning single, blended, chained, and defense vulnerability exploitations.<n>We propose PACEagent, a novel agent that emulates human penetration testers by supporting multi-phase reconnaissance, analysis, and exploitation.
arXiv Detail & Related papers (2025-10-13T17:50:25Z)
CAI Fluency: A Framework for Cybersecurity AI Fluency [0.0]
This work introduces CAI Fluency, an an educational platform of the Cybersecurity AI (CAI) framework.<n>The main objective of the CAI framework is to accelerate the widespread adoption and effective use of artificial intelligence-based cybersecurity solutions.<n>This technical report serves as a white-paper, as well as detailed educational and practical guide that helps users understand the principles behind the CAI framework.
arXiv Detail & Related papers (2025-08-19T07:42:54Z)
Enabling Cyber Security Education through Digital Twins and Generative AI [1.2619493260255112]
Digital Twins (DTs) are gaining prominence in cybersecurity for their ability to replicate complex IT infrastructures.<n>This study investigates how integrating DTs with penetration testing tools and Large Language Models (LLMs) can enhance cybersecurity education.
arXiv Detail & Related papers (2025-07-23T13:55:35Z)
Report on NSF Workshop on Science of Safe AI [75.96202715567088]
New advances in machine learning are leading to new opportunities to develop technology-based solutions to societal problems.<n>To fulfill the promise of AI, we must address how to develop AI-based systems that are accurate and performant but also safe and trustworthy.<n>This report is the result of the discussions in the working groups that addressed different aspects of safety at the workshop.
arXiv Detail & Related papers (2025-06-24T18:55:29Z)
Llama-3.1-FoundationAI-SecurityLLM-Base-8B Technical Report [50.268821168513654]
We present Foundation-Sec-8B, a cybersecurity-focused large language model (LLMs) built on the Llama 3.1 architecture.<n>We evaluate it across both established and new cybersecurity benchmarks, showing that it matches Llama 3.1-70B and GPT-4o-mini in certain cybersecurity-specific tasks.<n>By releasing our model to the public, we aim to accelerate progress and adoption of AI-driven tools in both public and private cybersecurity contexts.
arXiv Detail & Related papers (2025-04-28T08:41:12Z)
Cyber Defense Reinvented: Large Language Models as Threat Intelligence Copilots [36.809323735351825]
CYLENS is a cyber threat intelligence copilot powered by large language models (LLMs)<n>CYLENS is designed to assist security professionals throughout the entire threat management lifecycle.<n>It supports threat attribution, contextualization, detection, correlation, prioritization, and remediation.
arXiv Detail & Related papers (2025-02-28T07:16:09Z)
A Case Study in Gamification for a Cybersecurity Education Program: A Game for Cryptography [0.0]
Gamification offers an innovative approach to provide practical hands-on experiences.<n>This paper presents a real-world case study of a gamified cryptography teaching tool.
arXiv Detail & Related papers (2025-02-10T17:36:46Z)
Integrating Cybersecurity Frameworks into IT Security: A Comprehensive Analysis of Threat Mitigation Strategies and Adaptive Technologies [0.0]
The cybersecurity threat landscape is constantly actively making it imperative to develop sound frameworks to protect the IT structures.<n>This paper aims to discuss the application of cybersecurity frameworks into the IT security with focus placed on the role of such frameworks in addressing the changing nature of cybersecurity threats.<n>The discussion also singles out such technologies as Artificial Intelligence (AI) and Machine Learning (ML) as the core for real-time threat detection and response mechanisms.
arXiv Detail & Related papers (2025-02-02T03:38:48Z)
Artificial intelligence and cybersecurity in banking sector: opportunities and risks [0.0]
Machine learning (ML) enables systems to adapt and learn from vast datasets.<n>This study highlights the dual-use nature of AI tools, which can be used by malicious users.<n>The paper emphasizes the importance of developing machine learning models with key characteristics such as security, trust, resilience and robustness.
arXiv Detail & Related papers (2024-11-28T22:09:55Z)
Countering Autonomous Cyber Threats [40.00865970939829]
Foundation Models present dual-use concerns broadly and within the cyber domain specifically. Recent research has shown the potential for these advanced models to inform or independently execute offensive cyberspace operations. This work evaluates several state-of-the-art FMs on their ability to compromise machines in an isolated network and investigates defensive mechanisms to defeat such AI-powered attacks.
arXiv Detail & Related papers (2024-10-23T22:46:44Z)
Purple Llama CyberSecEval: A Secure Coding Benchmark for Language Models [41.068780235482514]
This paper presents CyberSecEval, a comprehensive benchmark developed to help bolster the cybersecurity of Large Language Models (LLMs) employed as coding assistants. CyberSecEval provides a thorough evaluation of LLMs in two crucial security domains: their propensity to generate insecure code and their level of compliance when asked to assist in cyberattacks.
arXiv Detail & Related papers (2023-12-07T22:07:54Z)

This list is automatically generated from the titles and abstracts of the papers in this site.