Developing cyber security competences using NICE KSAs in cyber ranges
Trent, Amir (2020)
Avaa tiedosto
Lataukset:
Trent, Amir
2020
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2020121728905
https://urn.fi/URN:NBN:fi:amk-2020121728905
Tiivistelmä
This Bachelor’s thesis delves into the significance of cyber ranges and how they can contribute to university cyber security programs. The goal of the thesis project was twofold: firstly, to bring awareness of the applications of cyber range technology and how it can support cyber security curriculums; and secondly, to suggest how cyber ranges can be used with the NICE framework KSAs to improve cyber security competences in universities.
The thesis report consists of a theoretical framework where the National Initiative for Cybersecurity Education (NICE) competence framework is presented, and the concept of cyber ranges is introduced and defined. The NICE Framework structure and purpose is detailed and the use of it in academia is explored. Furthermore, the NICE Framework is discussed in conjunction with the use of cyber ranges in the past. The theoretical framework will elaborate on the history of cyber ranges, their functions, components, use cases and delivery methods as well as discuss the benefits and challenges in utilizing cyber ranges.
The empirical section compares three cyber ranges in terms of price and usability and presents the selection criteria and justification for selecting one of the three for further review. This section also presents a mapping of a cyber range scenario against a NICE framework work role and corresponding Knowledge, Skills, and Abilities (KSAs) as well as a demonstration of the cyber range application in play. The mapping identifies NICE KSAs that are developed through the simulation exercise, which is showed in the cyber range simulation. The interactive cyber range exercise involves completing an assignment using cyber-related tools in a simulated environment and collecting feedback from the activity.
The concluding section of this thesis presents the findings of the relationship between NICE Framework KSAs and a cyber range activity in relation to the Exploitation Analyst work role. Additionally, it presents other advantages that cyber range exercises provide. The conclusion of the thesis summarizes the importance of cyber ranges and how they can be utilized with the application of NICE KSAs elements to develop competencies required for specific work roles.
Keywords: Cyber range, NICE Framework, Cyber security training, KSAs
The thesis report consists of a theoretical framework where the National Initiative for Cybersecurity Education (NICE) competence framework is presented, and the concept of cyber ranges is introduced and defined. The NICE Framework structure and purpose is detailed and the use of it in academia is explored. Furthermore, the NICE Framework is discussed in conjunction with the use of cyber ranges in the past. The theoretical framework will elaborate on the history of cyber ranges, their functions, components, use cases and delivery methods as well as discuss the benefits and challenges in utilizing cyber ranges.
The empirical section compares three cyber ranges in terms of price and usability and presents the selection criteria and justification for selecting one of the three for further review. This section also presents a mapping of a cyber range scenario against a NICE framework work role and corresponding Knowledge, Skills, and Abilities (KSAs) as well as a demonstration of the cyber range application in play. The mapping identifies NICE KSAs that are developed through the simulation exercise, which is showed in the cyber range simulation. The interactive cyber range exercise involves completing an assignment using cyber-related tools in a simulated environment and collecting feedback from the activity.
The concluding section of this thesis presents the findings of the relationship between NICE Framework KSAs and a cyber range activity in relation to the Exploitation Analyst work role. Additionally, it presents other advantages that cyber range exercises provide. The conclusion of the thesis summarizes the importance of cyber ranges and how they can be utilized with the application of NICE KSAs elements to develop competencies required for specific work roles.
Keywords: Cyber range, NICE Framework, Cyber security training, KSAs