Difference between revisions of "Journal:CyberMaster: An expert system to guide the development of cybersecurity curricula"
Shawndouglas (talk | contribs) (Saving and adding more.) |
Shawndouglas (talk | contribs) (Saving and adding more.) |
||
| Line 31: | Line 31: | ||
==Introduction== | ==Introduction== | ||
[[Cybersecurity]] has become one of the most important challenges around the world. According to a compilation published by the U.S.-based Identity Theft Resource Center (ITRC), the combination of unauthorized access to confidential information and data breaches affecting U.S. organizations and customers in 2017 resulted in 1,579 breaches, with almost 179 million records exposed.<ref name="ITRC2017Breaches">{{cite web |url=https://www.idtheftcenter.org/images/breach/2017Breaches/2017AnnualDataBreachYearEndReview.pdf |format=PDF |title=2017 Annual Data Breach Year-End Review |author=Identity Theft Resource Center |date=22 January 2018}}</ref> This is an alarming increase, especially after considering the ITRC reported 1,093 breaches and just over 36.6 million records exposed in 2016.<ref name="ITRC2016Breaches">{{cite web |url=https://www.idtheftcenter.org/images/breach/2016/DataBreachReport_2016.pdf |format=PDF |title=Data Breach Reports - 2016 End of Year Report |author=Identity Theft Resource Center |date=18 January 2017}}</ref> Major types of breaches include those resulting from hacking, unauthorized access, data on the move, insider theft, accidental exposure, human error or negligence, and physical theft.<ref name="ITRCDataBreach">{{cite web |url=https://www.idtheftcenter.org/data-breaches/ |title=Data Breaches |author=Identity Theft Resource Center |date=2018}}</ref> Recent research revealed that nearly 70% of critical infrastructure companies have reported at least one security breach during 2015 that led to the disruption of operations or the loss of confidential information. Hacking remains the leading type of cyberattack, with techniques ranging from low-tech exploits, such as phishing and social engineering, to more advanced techniques such as malware, ransomware, backdoors, exploitations, or zero-day attacks.<ref name="WangData15">{{cite journal |title=Data security and threat modeling for smart city infrastructure |journal=Proceedings from the 2015 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications |author=Wang, P.; Ali, A.; Kelly, W. |pages=1–6 |year=2015 |doi=10.1109/SSIC.2015.7245322}}</ref><ref name="Wang_inVideo14">{{cite journal |title=inVideo — A novel big data analytics tool for video data analytics |journal=Proceedings from the 2014 IT Professional Conference |author=Wang, S.P.; Kelly, W. |pages=1–19 |year=2014 |doi=10.1109/ITPRO.2014.7029303}}</ref> | [[Cybersecurity]] has become one of the most important challenges around the world. According to a compilation published by the U.S.-based Identity Theft Resource Center (ITRC), the combination of unauthorized access to confidential information and data breaches affecting U.S. organizations and customers in 2017 resulted in 1,579 breaches, with almost 179 million records exposed.<ref name="ITRC2017Breaches">{{cite web |url=https://www.idtheftcenter.org/images/breach/2017Breaches/2017AnnualDataBreachYearEndReview.pdf |format=PDF |title=2017 Annual Data Breach Year-End Review |author=Identity Theft Resource Center |date=22 January 2018}}</ref> This is an alarming increase, especially after considering the ITRC reported 1,093 breaches and just over 36.6 million records exposed in 2016.<ref name="ITRC2016Breaches">{{cite web |url=https://www.idtheftcenter.org/images/breach/2016/DataBreachReport_2016.pdf |format=PDF |title=Data Breach Reports - 2016 End of Year Report |author=Identity Theft Resource Center |date=18 January 2017}}</ref> Major types of breaches include those resulting from hacking, unauthorized access, data on the move, insider theft, accidental exposure, human error or negligence, and physical theft.<ref name="ITRCDataBreach">{{cite web |url=https://www.idtheftcenter.org/data-breaches/ |title=Data Breaches |author=Identity Theft Resource Center |date=2018}}</ref> Recent research revealed that nearly 70% of critical infrastructure companies have reported at least one security breach during 2015 that led to the disruption of operations or the loss of confidential information. Hacking remains the leading type of cyberattack, with techniques ranging from low-tech exploits, such as phishing and social engineering, to more advanced techniques such as malware, ransomware, backdoors, exploitations, or zero-day attacks.<ref name="WangData15">{{cite journal |title=Data security and threat modeling for smart city infrastructure |journal=Proceedings from the 2015 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications |author=Wang, P.; Ali, A.; Kelly, W. |pages=1–6 |year=2015 |doi=10.1109/SSIC.2015.7245322}}</ref><ref name="Wang_inVideo14">{{cite journal |title=inVideo — A novel big data analytics tool for video data analytics |journal=Proceedings from the 2014 IT Professional Conference |author=Wang, S.P.; Kelly, W. |pages=1–19 |year=2014 |doi=10.1109/ITPRO.2014.7029303}}</ref> | ||
The Cybersecurity National Action Plan (CNAP) is a comprehensive plan that was developed in the U.S. but can be applied worldwide to address the cybersecurity threat by taking action to expand the cybersecurity workforce, to enhance cybersecurity education and training, and to improve cybersecurity curriculum. However, several difficulties exist that hinder the spread of cybersecurity education and training, including a lack of cybersecurity skills, a lack of resources in rural areas, and a shortage of high-quality cybersecurity courses. | |||
'''1. Poor cybersecurity skills''': Despite the existence of cybersecurity training and personnel development programs, they are not enough as they tend to be limited in focus and lack unity of effort.<ref name="WangData15" /> Additionally, there are not enough cybersecurity experts within the U.S. federal Government or private sector, and this problem is likely to be applicable to many other countries. In order to secure information systems and communication networks and maintain technical advantage over perpetrators of cybercrime, it is essential to develop a skilled, cyber-savvy workforce and an effective pipeline of future employees.<ref name="EvansAHuman10">{{cite web |url=https://www.csis.org/analysis/human-capital-crisis-cybersecurity |title=A Human Capital Crisis in Cybersecurity: Technical Proficiency Matters |authors=Evans, K.; Reeder, F. |publisher=Center for Strategic & International Studies |date=15 November 2010 |pages=35 |isbn=9780892066094}}</ref> This requires that cybersecurity education reaches all students in the country, especially high school and college students. | |||
==References== | ==References== | ||
Revision as of 20:17, 23 September 2019
| Full article title | CyberMaster: An expert system to guide the development of cybersecurity curricula |
|---|---|
| Journal | International Journal of Online and Biomedical Engineering |
| Author(s) | Hodhod, Rania; Khan, Shamim; Wang, Shuangbao |
| Author affiliation(s) | Columbus State University |
| Primary contact | Email: hodhod_rania at columbusstate dot edu |
| Year published | 2019 |
| Volume and issue | 15(3) |
| Page(s) | 70–81 |
| DOI | 10.3991/ijoe.v15i03.9890 |
| ISSN | 2626-8493 |
| Distribution license | Creative Commons Attribution 3.0 Austria |
| Website | https://online-journals.org/index.php/i-joe/article/view/9890 |
| Download | https://online-journals.org/index.php/i-joe/article/view/9890/5463 (PDF) |
 |
This article should not be considered complete until this message box has been removed. This is a work in progress. |
Abstract
The growing number of reported cyberattacks poses a difficult challenge to individuals, governments, and organizations. Adequate protection of information systems urgently requires a cybersecurity-educated workforce trained using a curriculum that covers the essential skills required for different cybersecurity work roles. The goal of the CyberMaster expert system is to assist inexperienced instructors with cybersecurity course design. It is an intelligent system that uses visual feedback to guide the user through the design process. Initial test executions show the promise of such a system in addressing the enormous shortage of cybersecurity experts currently available for designing courses and training programs.
Keywords: cybersecurity, expert systems, NICE Framework
Introduction
Cybersecurity has become one of the most important challenges around the world. According to a compilation published by the U.S.-based Identity Theft Resource Center (ITRC), the combination of unauthorized access to confidential information and data breaches affecting U.S. organizations and customers in 2017 resulted in 1,579 breaches, with almost 179 million records exposed.[1] This is an alarming increase, especially after considering the ITRC reported 1,093 breaches and just over 36.6 million records exposed in 2016.[2] Major types of breaches include those resulting from hacking, unauthorized access, data on the move, insider theft, accidental exposure, human error or negligence, and physical theft.[3] Recent research revealed that nearly 70% of critical infrastructure companies have reported at least one security breach during 2015 that led to the disruption of operations or the loss of confidential information. Hacking remains the leading type of cyberattack, with techniques ranging from low-tech exploits, such as phishing and social engineering, to more advanced techniques such as malware, ransomware, backdoors, exploitations, or zero-day attacks.[4][5]
The Cybersecurity National Action Plan (CNAP) is a comprehensive plan that was developed in the U.S. but can be applied worldwide to address the cybersecurity threat by taking action to expand the cybersecurity workforce, to enhance cybersecurity education and training, and to improve cybersecurity curriculum. However, several difficulties exist that hinder the spread of cybersecurity education and training, including a lack of cybersecurity skills, a lack of resources in rural areas, and a shortage of high-quality cybersecurity courses.
1. Poor cybersecurity skills: Despite the existence of cybersecurity training and personnel development programs, they are not enough as they tend to be limited in focus and lack unity of effort.[4] Additionally, there are not enough cybersecurity experts within the U.S. federal Government or private sector, and this problem is likely to be applicable to many other countries. In order to secure information systems and communication networks and maintain technical advantage over perpetrators of cybercrime, it is essential to develop a skilled, cyber-savvy workforce and an effective pipeline of future employees.[6] This requires that cybersecurity education reaches all students in the country, especially high school and college students.
References
- ↑ Identity Theft Resource Center (22 January 2018). "2017 Annual Data Breach Year-End Review" (PDF). https://www.idtheftcenter.org/images/breach/2017Breaches/2017AnnualDataBreachYearEndReview.pdf.
- ↑ Identity Theft Resource Center (18 January 2017). "Data Breach Reports - 2016 End of Year Report" (PDF). https://www.idtheftcenter.org/images/breach/2016/DataBreachReport_2016.pdf.
- ↑ Identity Theft Resource Center (2018). "Data Breaches". https://www.idtheftcenter.org/data-breaches/.
- ↑ 4.0 4.1 Wang, P.; Ali, A.; Kelly, W. (2015). "Data security and threat modeling for smart city infrastructure". Proceedings from the 2015 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications: 1–6. doi:10.1109/SSIC.2015.7245322.
- ↑ Wang, S.P.; Kelly, W. (2014). "inVideo — A novel big data analytics tool for video data analytics". Proceedings from the 2014 IT Professional Conference: 1–19. doi:10.1109/ITPRO.2014.7029303.
- ↑ "A Human Capital Crisis in Cybersecurity: Technical Proficiency Matters". Center for Strategic & International Studies. 15 November 2010. pp. 35. ISBN 9780892066094. https://www.csis.org/analysis/human-capital-crisis-cybersecurity.
Notes
This presentation attempts to remain faithful to the original, with only a few minor changes to presentation. Grammar and punctuation has been updated reasonably to improve readability. In some cases important information was missing from the references, and that information was added. In several cases, data was represented without a citation; an appropriate citation was added for this version.
