Difference between revisions of "Journal:CyberMaster: An expert system to guide the development of cybersecurity curricula"

From LIMSWiki
(Saving and adding more.)
Line 39: Line 39:


3. '''Course quality assurance''': : Well-designed courses are those designed in a way that ensures quality course design and appropriate content while fulfilling student study requirements.<ref name="DráždilováCompu10">{{cite book |chapter=Computational Intelligence Methods for Data Analysis and Mining of eLearning Activities |title=Computational Intelligence for Technology Enhanced Learning |author=Dráždilová, P.; Obadi, G.; Slaninová, K. et al. |editor=Xhafa, F.; Caballé, S.; Abraham, A. et al. |publisher=Springer |pages=195–224 |year=2010 |doi=10.1007/978-3-642-11224-9_9 |isbn=9783642112249}}</ref> Evaluations of the developed courses can be difficult to quantify and may involve more than just surveys to collect meaningful data.<ref name="DráždilováCompu10" /> In addition, courses undergo constant revisions.<ref name="WangUsing15">{{cite journal |title=Using Novel Video Indexing and Data Analytics Tool to Enhance Interactions in e-Learning |journal=Proceedings of E-Learn: World Conference on E-Learning in Corporate, Government, Healthcare, and Higher Education |author=Wang, S.; Kelly, W.; Zhang, J. |pages=1919–27 |year=2015 |url=https://www.learntechlib.org/primary/p/152242/}}</ref><ref name="WangANovel15">{{cite journal |title=A Novel Threat Analysis and Risk Mitigation Approach to Prevent Cyber Intrusions |journal=Journal of the Colloquium for Information System Security Education |author=Wang, S.P.; Kelly, W.; Wang, X. |volume=3 |issue=1 |pages=157–74 |year=2015 |url=https://cisse.info/journal/index.php/cisse/article/view/35}}</ref> Usually, participant evaluations and/or assessment tools are often used to solicit feedback and collect data to evaluate the quality of design and course material.<ref name="ShoemakerAGuide18">{{cite book |title=A Guide to the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (2.0) |author=Shoemaker, D.; Kohnke, A.; Sigler, K. 
|publisher=Auerbach Publications |year=2016 |isbn=9781315368207 |doi=10.1201/9781315368207}}</ref> A number of resources are required to apply these evaluation instruments, including human resources and time, which are two particularly restricting factors when it comes to rural districts. Automated evaluation of the quality of course design can be the way to address this challenge.
3. '''Course quality assurance''': : Well-designed courses are those designed in a way that ensures quality course design and appropriate content while fulfilling student study requirements.<ref name="DráždilováCompu10">{{cite book |chapter=Computational Intelligence Methods for Data Analysis and Mining of eLearning Activities |title=Computational Intelligence for Technology Enhanced Learning |author=Dráždilová, P.; Obadi, G.; Slaninová, K. et al. |editor=Xhafa, F.; Caballé, S.; Abraham, A. et al. |publisher=Springer |pages=195–224 |year=2010 |doi=10.1007/978-3-642-11224-9_9 |isbn=9783642112249}}</ref> Evaluations of the developed courses can be difficult to quantify and may involve more than just surveys to collect meaningful data.<ref name="DráždilováCompu10" /> In addition, courses undergo constant revisions.<ref name="WangUsing15">{{cite journal |title=Using Novel Video Indexing and Data Analytics Tool to Enhance Interactions in e-Learning |journal=Proceedings of E-Learn: World Conference on E-Learning in Corporate, Government, Healthcare, and Higher Education |author=Wang, S.; Kelly, W.; Zhang, J. |pages=1919–27 |year=2015 |url=https://www.learntechlib.org/primary/p/152242/}}</ref><ref name="WangANovel15">{{cite journal |title=A Novel Threat Analysis and Risk Mitigation Approach to Prevent Cyber Intrusions |journal=Journal of the Colloquium for Information System Security Education |author=Wang, S.P.; Kelly, W.; Wang, X. |volume=3 |issue=1 |pages=157–74 |year=2015 |url=https://cisse.info/journal/index.php/cisse/article/view/35}}</ref> Usually, participant evaluations and/or assessment tools are often used to solicit feedback and collect data to evaluate the quality of design and course material.<ref name="ShoemakerAGuide18">{{cite book |title=A Guide to the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (2.0) |author=Shoemaker, D.; Kohnke, A.; Sigler, K. 
|publisher=Auerbach Publications |year=2016 |isbn=9781315368207 |doi=10.1201/9781315368207}}</ref> A number of resources are required to apply these evaluation instruments, including human resources and time, which are two particularly restricting factors when it comes to rural districts. Automated evaluation of the quality of course design can be the way to address this challenge.
In an effort to inspire solutions and innovations in cybersecurity curriculum development, the U.S. National Institute of Standards and Technology (NIST) published the ''National Initiative for Cybersecurity Education Framework'' (''NICE Framework''). It is a partnership between government, academia, and the private sector focused on cybersecurity education, training, and workforce development. The NICE Framework consists of seven categories, 31 specialty areas, 369 KSAs (Knowledge, Skills and Abilities), and 65 competencies. In addition, it has 444 tasks under the various specialty areas.<ref name="NIST_NICEFrame">{{cite web |url=https://www.nist.gov/itl/applied-cybersecurity/nice/resources/nice-cybersecurity-workforce-framework |title=NICE Cybersecurity Workforce Framework |author=National Institute of Standards and Technology |work=NIST Special Publication 800-181 |date=August 2017}}</ref>
This paper presents an interactive course design system for the rapid development of cybersecurity curriculum and training by novice instructors. It utilizes a highly visual interface and [[artificial intelligence]] techniques like rule-based inferencing to guide the design process. The system is based on a [[Cloud computing|cloud-compuring]] platform, which offers advantages such as simplified software installation and maintenance, in addition to centralized control over versioning. Moreover, end users can access the service anytime from anywhere, sharing data and collaborating more easily.
The paper continues in the next section with a brief discussion of related work, especially the application of expert systems. The third section explains how knowledge gathering takes place in the expert system presented in this paper and how knowledge is represented using concept maps. Then, the role of a user model in providing tailored feedback for user guidance is discussed. The penultimate section discusses how evaluation of designed courses takes place, and the paper ends with concluding remarks.
==Related work==
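Review bot: the piped link in the added paragraph beginning "This paper presents an interactive course design system" is written `[[Cloud computing|cloud-compuring]]`, so the misspelled display text "cloud-compuring" is what renders; change it to `[[Cloud computing|cloud-computing]]`. The unchanged context line above also carries a stray second colon in `'''Course quality assurance''': :`, which is worth cleaning up in the same edit.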





Revision as of 21:30, 23 September 2019

Full article title CyberMaster: An expert system to guide the development of cybersecurity curricula
Journal International Journal of Online and Biomedical Engineering
Author(s) Hodhod, Rania; Khan, Shamim; Wang, Shuangbao
Author affiliation(s) Columbus State University
Primary contact Email: hodhod_rania at columbusstate dot edu
Year published 2019
Volume and issue 15(3)
Page(s) 70–81
DOI 10.3991/ijoe.v15i03.9890
ISSN 2626-8493
Distribution license Creative Commons Attribution 3.0 Austria
Website https://online-journals.org/index.php/i-joe/article/view/9890
Download https://online-journals.org/index.php/i-joe/article/view/9890/5463 (PDF)

Abstract

The growing number of reported cyberattacks poses a difficult challenge to individuals, governments, and organizations. Adequate protection of information systems urgently requires a cybersecurity-educated workforce trained using a curriculum that covers the essential skills required for different cybersecurity work roles. The goal of the CyberMaster expert system is to assist inexperienced instructors with cybersecurity course design. It is an intelligent system that uses visual feedback to guide the user through the design process. Initial test executions show the promise of such a system in addressing the enormous shortage of cybersecurity experts currently available for designing courses and training programs.

Keywords: cybersecurity, expert systems, NICE Framework

Introduction

Cybersecurity has become one of the most important challenges around the world. According to a compilation published by the U.S.-based Identity Theft Resource Center (ITRC), the combination of unauthorized access to confidential information and data breaches affecting U.S. organizations and customers in 2017 resulted in 1,579 breaches, with almost 179 million records exposed.[1] This is an alarming increase, especially after considering the ITRC reported 1,093 breaches and just over 36.6 million records exposed in 2016.[2] Major types of breaches include those resulting from hacking, unauthorized access, data on the move, insider theft, accidental exposure, human error or negligence, and physical theft.[3] Recent research revealed that nearly 70% of critical infrastructure companies have reported at least one security breach during 2015 that led to the disruption of operations or the loss of confidential information. Hacking remains the leading type of cyberattack, with techniques ranging from low-tech exploits, such as phishing and social engineering, to more advanced techniques such as malware, ransomware, backdoors, exploitations, or zero-day attacks.[4][5]

The Cybersecurity National Action Plan (CNAP) is a comprehensive plan that was developed in the U.S. but can be applied worldwide to address the cybersecurity threat by taking action to expand the cybersecurity workforce, to enhance cybersecurity education and training, and to improve cybersecurity curriculum. However, several difficulties exist that hinder the spread of cybersecurity education and training, including a lack of cybersecurity skills, a lack of resources in rural areas, and a shortage of high-quality cybersecurity courses.

1. Poor cybersecurity skills: Despite the existence of cybersecurity training and personnel development programs, they are not enough as they tend to be limited in focus and lack unity of effort.[4] Additionally, there are not enough cybersecurity experts within the U.S. federal government or private sector, and this problem is likely to be applicable to many other countries. In order to secure information systems and communication networks and maintain technical advantage over perpetrators of cybercrime, it is essential to develop a skilled, cyber-savvy workforce and an effective pipeline of future employees.[6] This requires that cybersecurity education reaches all students in the country, especially high school and college students.

2. Rural districts: Major obstacles exist to expanding the efforts to deliver high-caliber education in rural areas.[7] Rural districts in the United States make up more than half (57 percent) of all public districts in the country, while educating approximately one quarter (12 million) of all students nationwide, which makes scaling and innovating across the country a challenging prospect.[8] Rural schools often face geographical isolation, shortages in specialized staff, poor physical working conditions, and limited resources[9], making access to educational programs inadequate.[7] Better technology and telecommunication can lower those barriers[7] and maximize the natural advantages of rural schools, alleviating the disadvantages.[10]

3. Course quality assurance: Well-designed courses are those designed in a way that ensures quality course design and appropriate content while fulfilling student study requirements.[11] Evaluations of the developed courses can be difficult to quantify and may involve more than just surveys to collect meaningful data.[11] In addition, courses undergo constant revisions.[12][13] Usually, participant evaluations and/or assessment tools are used to solicit feedback and collect data to evaluate the quality of design and course material.[14] A number of resources are required to apply these evaluation instruments, including human resources and time, which are two particularly restricting factors when it comes to rural districts. Automated evaluation of the quality of course design can be the way to address this challenge.

In an effort to inspire solutions and innovations in cybersecurity curriculum development, the U.S. National Institute of Standards and Technology (NIST) published the National Initiative for Cybersecurity Education Framework (NICE Framework). It is a partnership between government, academia, and the private sector focused on cybersecurity education, training, and workforce development. The NICE Framework consists of seven categories, 31 specialty areas, 369 KSAs (Knowledge, Skills and Abilities), and 65 competencies. In addition, it has 444 tasks under the various specialty areas.[15]

This paper presents an interactive course design system for the rapid development of cybersecurity curriculum and training by novice instructors. It utilizes a highly visual interface and artificial intelligence techniques like rule-based inferencing to guide the design process. The system is based on a cloud-computing platform, which offers advantages such as simplified software installation and maintenance, in addition to centralized control over versioning. Moreover, end users can access the service anytime from anywhere, sharing data and collaborating more easily.

The paper continues in the next section with a brief discussion of related work, especially the application of expert systems. The third section explains how knowledge gathering takes place in the expert system presented in this paper and how knowledge is represented using concept maps. Then, the role of a user model in providing tailored feedback for user guidance is discussed. The penultimate section discusses how evaluation of designed courses takes place, and the paper ends with concluding remarks.

Related work

References

  1. Identity Theft Resource Center (22 January 2018). "2017 Annual Data Breach Year-End Review" (PDF). https://www.idtheftcenter.org/images/breach/2017Breaches/2017AnnualDataBreachYearEndReview.pdf. 
  2. Identity Theft Resource Center (18 January 2017). "Data Breach Reports - 2016 End of Year Report" (PDF). https://www.idtheftcenter.org/images/breach/2016/DataBreachReport_2016.pdf. 
  3. Identity Theft Resource Center (2018). "Data Breaches". https://www.idtheftcenter.org/data-breaches/. 
  4. Wang, P.; Ali, A.; Kelly, W. (2015). "Data security and threat modeling for smart city infrastructure". Proceedings from the 2015 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications: 1–6. doi:10.1109/SSIC.2015.7245322. 
  5. Wang, S.P.; Kelly, W. (2014). "inVideo — A novel big data analytics tool for video data analytics". Proceedings from the 2014 IT Professional Conference: 1–19. doi:10.1109/ITPRO.2014.7029303. 
  6. "A Human Capital Crisis in Cybersecurity: Technical Proficiency Matters". Center for Strategic & International Studies. 15 November 2010. pp. 35. ISBN 9780892066094. https://www.csis.org/analysis/human-capital-crisis-cybersecurity. 
  7. Galston, W.A.; Baehler, K. (1995). Rural Development in the United States: Connecting Theory, Practice, and Possibilities (2nd ed.). Island Press. ISBN 9781559633260. 
  8. National Center for Education Statistics (July 2013). "The Status of Rural Education". The Condition of Education. https://nces.ed.gov/programs/coe/indicator_tla.asp. Retrieved 12 April 2017. 
  9. Schwartzbeck, T.D.; Prince, C.D.; Redfield, D. et al. (19 December 2003). "How Are Rural Districts Meeting the Teacher Quality Requirements of No Child Left Behind?" (PDF). Appalachia Educational Laboratory. https://aasa.org/uploadedFiles/Policy_and_Advocacy/files/RuralTeacherQualityStudy.pdf. 
  10. Beckner, W.; Barker, B.O. (1994). Technology in Rural Education. Phi Delta Kappa Educational Foundation. ISBN 0873673662. 
  11. Dráždilová, P.; Obadi, G.; Slaninová, K. et al. (2010). "Computational Intelligence Methods for Data Analysis and Mining of eLearning Activities". In Xhafa, F.; Caballé, S.; Abraham, A. et al. Computational Intelligence for Technology Enhanced Learning. Springer. pp. 195–224. doi:10.1007/978-3-642-11224-9_9. ISBN 9783642112249. 
  12. Wang, S.; Kelly, W.; Zhang, J. (2015). "Using Novel Video Indexing and Data Analytics Tool to Enhance Interactions in e-Learning". Proceedings of E-Learn: World Conference on E-Learning in Corporate, Government, Healthcare, and Higher Education: 1919–27. https://www.learntechlib.org/primary/p/152242/. 
  13. Wang, S.P.; Kelly, W.; Wang, X. (2015). "A Novel Threat Analysis and Risk Mitigation Approach to Prevent Cyber Intrusions". Journal of the Colloquium for Information System Security Education 3 (1): 157–74. https://cisse.info/journal/index.php/cisse/article/view/35. 
  14. Shoemaker, D.; Kohnke, A.; Sigler, K. (2016). A Guide to the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (2.0). Auerbach Publications. doi:10.1201/9781315368207. ISBN 9781315368207. 
  15. National Institute of Standards and Technology (August 2017). "NICE Cybersecurity Workforce Framework". NIST Special Publication 800-181. https://www.nist.gov/itl/applied-cybersecurity/nice/resources/nice-cybersecurity-workforce-framework. 

Notes

This presentation attempts to remain faithful to the original, with only a few minor changes to presentation. Grammar and punctuation has been updated reasonably to improve readability. In some cases important information was missing from the references, and that information was added. In several cases, data was represented without a citation; an appropriate citation was added for this version. In one original reference, only the author—the NCES—is given, with no other details; an assumption was made that they were citing Chapter 3 of the Condition of Education report from 2013, which contains the statistics they reference.