Cyber range design framework for cyber security education and training

The need for effective training of cyber security personnel working in critical infrastructures and in the corporate has brought attention to the evolution of Cyber Ranges (CRs) as learning and training tools. Although CRs have been organized for many years, there is a lack of standards and common m...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:International journal of information security 2023-08, Vol.22 (4), p.1005-1027
Hauptverfasser: Katsantonis, M. N., Manikas, A., Mavridis, I., Gritzalis, D.
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 1027
container_issue 4
container_start_page 1005
container_title International journal of information security
container_volume 22
creator Katsantonis, M. N.
Manikas, A.
Mavridis, I.
Gritzalis, D.
description The need for effective training of cyber security personnel working in critical infrastructures and in the corporate has brought attention to the evolution of Cyber Ranges (CRs) as learning and training tools. Although CRs have been organized for many years, there is a lack of standards and common methodologies that facilitate their development and optimize their effectiveness. Aiming at strengthening cyber security education and research that utilize well designed CRs, we first analyze the CRs domain to identify key characteristics, strengths and fundamental weaknesses, and based on these outcomes we propose the Cyber Range Design Framework (CRDF), which includes the CR Architecture and the CR Life-Cycle. The CR Architecture presents the main components of CRDF compliant CRs, whereas the CR Life-Cycle presents the development phases of such approaches and the activities these phases embrace. CRDF builds on the Conceptual Framework for eLearning and Training (COFELET) and on the Exercise Life-Cycle. COFELET is particularly elaborated for the development of cyber security educational approaches, by adopting its design considerations that were based on widely adopted educational theories and approaches (e.g., scenario-based, reuse of elements). CRDF envisages the elaboration of CRs which optimize their impact, mitigate their weaknesses, and minimize their preparation and running costs. Under this prism, a preliminary appreciation of the CRDF approaches effectiveness is presented along with the expected outcomes of such approaches.
doi_str_mv 10.1007/s10207-023-00680-4
format Article
fullrecord <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_2841659082</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2841659082</sourcerecordid><originalsourceid>FETCH-LOGICAL-c363t-f99c8f2089b6f091e5a6d16a5b2358bb666c1800786bbc2c91ad98aed5fe9ea43</originalsourceid><addsrcrecordid>eNp9kMFKAzEQhoMoWKsv4CngOTrJNmlylGJVKHjRc0iySdlqd-tkF-nbm3ZFb55mDt__D_MRcs3hlgPM7zIHAXMGomIASgObnZAJV1wyKeZw-rsrcU4uct4ACA6GT8hysfcRKbp2HWkdc7NuaUK3jV8dvtPUIQ1HIMcwYNPvaayH4Pqma6lra9qja9qmXV-Ss-Q-crz6mVPytnx4XTyx1cvj8-J-xUKlqp4lY4JOArTxKpX7UTpVc-WkF5XU3iulAtflIa28DyIY7mqjXaxliia6WTUlN2PvDrvPIebebroB23LSCj3jShrQolBipAJ2OWNMdofN1uHecrAHX3b0ZYsve_RlD9XVGMoFLjbwr_qf1Dcu2m2z</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2841659082</pqid></control><display><type>article</type><title>Cyber range design framework for cyber security education and training</title><source>SpringerNature Journals</source><source>EBSCOhost Business Source Complete</source><creator>Katsantonis, M. N. ; Manikas, A. ; Mavridis, I. ; Gritzalis, D.</creator><creatorcontrib>Katsantonis, M. N. ; Manikas, A. ; Mavridis, I. ; Gritzalis, D.</creatorcontrib><description>The need for effective training of cyber security personnel working in critical infrastructures and in the corporate has brought attention to the evolution of Cyber Ranges (CRs) as learning and training tools. Although CRs have been organized for many years, there is a lack of standards and common methodologies that facilitate their development and optimize their effectiveness. Aiming at strengthening cyber security education and research that utilize well designed CRs, we first analyze the CRs domain to identify key characteristics, strengths and fundamental weaknesses, and based on these outcomes we propose the Cyber Range Design Framework (CRDF), which includes the CR Architecture and the CR Life-Cycle. The CR Architecture presents the main components of CRDF compliant CRs, whereas the CR Life-Cycle presents the development phases of such approaches and the activities these phases embrace. CRDF builds on the Conceptual Framework for eLearning and Training (COFELET) and on the Exercise Life-Cycle. COFELET is particularly elaborated for the development of cyber security educational approaches, by adopting its design considerations that were based on widely adopted educational theories and approaches (e.g., scenario-based, reuse of elements). CRDF envisages the elaboration of CRs which optimize their impact, mitigate their weaknesses, and minimize their preparation and running costs. Under this prism, a preliminary appreciation of the CRDF approaches effectiveness is presented along with the expected outcomes of such approaches.</description><identifier>ISSN: 1615-5262</identifier><identifier>EISSN: 1615-5270</identifier><identifier>DOI: 10.1007/s10207-023-00680-4</identifier><language>eng</language><publisher>Berlin/Heidelberg: Springer Berlin Heidelberg</publisher><subject>Coding and Information Theory ; Communications Engineering ; Computer Communication Networks ; Computer Science ; Cryptology ; Cybersecurity ; Distance learning ; Effectiveness ; Management of Computing and Information Systems ; Networks ; Operating Systems ; Regular Contribution ; Training</subject><ispartof>International journal of information security, 2023-08, Vol.22 (4), p.1005-1027</ispartof><rights>The Author(s) 2023</rights><rights>The Author(s) 2023. This work is published under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c363t-f99c8f2089b6f091e5a6d16a5b2358bb666c1800786bbc2c91ad98aed5fe9ea43</citedby><cites>FETCH-LOGICAL-c363t-f99c8f2089b6f091e5a6d16a5b2358bb666c1800786bbc2c91ad98aed5fe9ea43</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktopdf>$$Uhttps://link.springer.com/content/pdf/10.1007/s10207-023-00680-4$$EPDF$$P50$$Gspringer$$Hfree_for_read</linktopdf><linktohtml>$$Uhttps://link.springer.com/10.1007/s10207-023-00680-4$$EHTML$$P50$$Gspringer$$Hfree_for_read</linktohtml><link.rule.ids>314,780,784,27924,27925,41488,42557,51319</link.rule.ids></links><search><creatorcontrib>Katsantonis, M. N.</creatorcontrib><creatorcontrib>Manikas, A.</creatorcontrib><creatorcontrib>Mavridis, I.</creatorcontrib><creatorcontrib>Gritzalis, D.</creatorcontrib><title>Cyber range design framework for cyber security education and training</title><title>International journal of information security</title><addtitle>Int. J. Inf. Secur</addtitle><description>The need for effective training of cyber security personnel working in critical infrastructures and in the corporate has brought attention to the evolution of Cyber Ranges (CRs) as learning and training tools. Although CRs have been organized for many years, there is a lack of standards and common methodologies that facilitate their development and optimize their effectiveness. Aiming at strengthening cyber security education and research that utilize well designed CRs, we first analyze the CRs domain to identify key characteristics, strengths and fundamental weaknesses, and based on these outcomes we propose the Cyber Range Design Framework (CRDF), which includes the CR Architecture and the CR Life-Cycle. The CR Architecture presents the main components of CRDF compliant CRs, whereas the CR Life-Cycle presents the development phases of such approaches and the activities these phases embrace. CRDF builds on the Conceptual Framework for eLearning and Training (COFELET) and on the Exercise Life-Cycle. COFELET is particularly elaborated for the development of cyber security educational approaches, by adopting its design considerations that were based on widely adopted educational theories and approaches (e.g., scenario-based, reuse of elements). CRDF envisages the elaboration of CRs which optimize their impact, mitigate their weaknesses, and minimize their preparation and running costs. Under this prism, a preliminary appreciation of the CRDF approaches effectiveness is presented along with the expected outcomes of such approaches.</description><subject>Coding and Information Theory</subject><subject>Communications Engineering</subject><subject>Computer Communication Networks</subject><subject>Computer Science</subject><subject>Cryptology</subject><subject>Cybersecurity</subject><subject>Distance learning</subject><subject>Effectiveness</subject><subject>Management of Computing and Information Systems</subject><subject>Networks</subject><subject>Operating Systems</subject><subject>Regular Contribution</subject><subject>Training</subject><issn>1615-5262</issn><issn>1615-5270</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2023</creationdate><recordtype>article</recordtype><sourceid>C6C</sourceid><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><sourceid>GNUQQ</sourceid><recordid>eNp9kMFKAzEQhoMoWKsv4CngOTrJNmlylGJVKHjRc0iySdlqd-tkF-nbm3ZFb55mDt__D_MRcs3hlgPM7zIHAXMGomIASgObnZAJV1wyKeZw-rsrcU4uct4ACA6GT8hysfcRKbp2HWkdc7NuaUK3jV8dvtPUIQ1HIMcwYNPvaayH4Pqma6lra9qja9qmXV-Ss-Q-crz6mVPytnx4XTyx1cvj8-J-xUKlqp4lY4JOArTxKpX7UTpVc-WkF5XU3iulAtflIa28DyIY7mqjXaxliia6WTUlN2PvDrvPIebebroB23LSCj3jShrQolBipAJ2OWNMdofN1uHecrAHX3b0ZYsve_RlD9XVGMoFLjbwr_qf1Dcu2m2z</recordid><startdate>20230801</startdate><enddate>20230801</enddate><creator>Katsantonis, M. N.</creator><creator>Manikas, A.</creator><creator>Mavridis, I.</creator><creator>Gritzalis, D.</creator><general>Springer Berlin Heidelberg</general><general>Springer Nature B.V</general><scope>C6C</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>0-V</scope><scope>3V.</scope><scope>7SC</scope><scope>7WY</scope><scope>7WZ</scope><scope>7XB</scope><scope>87Z</scope><scope>88F</scope><scope>8AL</scope><scope>8AM</scope><scope>8AO</scope><scope>8FD</scope><scope>8FE</scope><scope>8FG</scope><scope>8FK</scope><scope>8FL</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>ALSLI</scope><scope>ARAPS</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BEZIV</scope><scope>BGLVJ</scope><scope>BGRYB</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>FRNLG</scope><scope>F~G</scope><scope>GNUQQ</scope><scope>HCIFZ</scope><scope>JQ2</scope><scope>K60</scope><scope>K6~</scope><scope>K7-</scope><scope>K7.</scope><scope>L.-</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>M0C</scope><scope>M0N</scope><scope>M0O</scope><scope>M1Q</scope><scope>P5Z</scope><scope>P62</scope><scope>PQBIZ</scope><scope>PQBZA</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>Q9U</scope></search><sort><creationdate>20230801</creationdate><title>Cyber range design framework for cyber security education and training</title><author>Katsantonis, M. N. ; Manikas, A. ; Mavridis, I. ; Gritzalis, D.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c363t-f99c8f2089b6f091e5a6d16a5b2358bb666c1800786bbc2c91ad98aed5fe9ea43</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2023</creationdate><topic>Coding and Information Theory</topic><topic>Communications Engineering</topic><topic>Computer Communication Networks</topic><topic>Computer Science</topic><topic>Cryptology</topic><topic>Cybersecurity</topic><topic>Distance learning</topic><topic>Effectiveness</topic><topic>Management of Computing and Information Systems</topic><topic>Networks</topic><topic>Operating Systems</topic><topic>Regular Contribution</topic><topic>Training</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Katsantonis, M. N.</creatorcontrib><creatorcontrib>Manikas, A.</creatorcontrib><creatorcontrib>Mavridis, I.</creatorcontrib><creatorcontrib>Gritzalis, D.</creatorcontrib><collection>Springer Nature OA Free Journals</collection><collection>CrossRef</collection><collection>ProQuest Social Sciences Premium Collection</collection><collection>ProQuest Central (Corporate)</collection><collection>Computer and Information Systems Abstracts</collection><collection>Access via ABI/INFORM (ProQuest)</collection><collection>ABI/INFORM Global (PDF only)</collection><collection>ProQuest Central (purchase pre-March 2016)</collection><collection>ABI/INFORM Global (Alumni Edition)</collection><collection>Military Database (Alumni Edition)</collection><collection>Computing Database (Alumni Edition)</collection><collection>Criminal Justice Database (Alumni Edition)</collection><collection>ProQuest Pharma Collection</collection><collection>Technology Research Database</collection><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>ProQuest Central (Alumni) (purchase pre-March 2016)</collection><collection>ABI/INFORM Collection (Alumni Edition)</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>Social Science Premium Collection</collection><collection>Advanced Technologies &amp; Aerospace Collection</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Business Premium Collection</collection><collection>Technology Collection</collection><collection>Criminology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>Business Premium Collection (Alumni)</collection><collection>ABI/INFORM Global (Corporate)</collection><collection>ProQuest Central Student</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Computer Science Collection</collection><collection>ProQuest Business Collection (Alumni Edition)</collection><collection>ProQuest Business Collection</collection><collection>Computer Science Database</collection><collection>ProQuest Criminal Justice (Alumni)</collection><collection>ABI/INFORM Professional Advanced</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>ABI/INFORM Global</collection><collection>Computing Database</collection><collection>Criminal Justice Database</collection><collection>Military Database</collection><collection>Advanced Technologies &amp; Aerospace Database</collection><collection>ProQuest Advanced Technologies &amp; Aerospace Collection</collection><collection>ProQuest One Business</collection><collection>ProQuest One Business (Alumni)</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central Basic</collection><jtitle>International journal of information security</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Katsantonis, M. N.</au><au>Manikas, A.</au><au>Mavridis, I.</au><au>Gritzalis, D.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Cyber range design framework for cyber security education and training</atitle><jtitle>International journal of information security</jtitle><stitle>Int. J. Inf. Secur</stitle><date>2023-08-01</date><risdate>2023</risdate><volume>22</volume><issue>4</issue><spage>1005</spage><epage>1027</epage><pages>1005-1027</pages><issn>1615-5262</issn><eissn>1615-5270</eissn><abstract>The need for effective training of cyber security personnel working in critical infrastructures and in the corporate has brought attention to the evolution of Cyber Ranges (CRs) as learning and training tools. Although CRs have been organized for many years, there is a lack of standards and common methodologies that facilitate their development and optimize their effectiveness. Aiming at strengthening cyber security education and research that utilize well designed CRs, we first analyze the CRs domain to identify key characteristics, strengths and fundamental weaknesses, and based on these outcomes we propose the Cyber Range Design Framework (CRDF), which includes the CR Architecture and the CR Life-Cycle. The CR Architecture presents the main components of CRDF compliant CRs, whereas the CR Life-Cycle presents the development phases of such approaches and the activities these phases embrace. CRDF builds on the Conceptual Framework for eLearning and Training (COFELET) and on the Exercise Life-Cycle. COFELET is particularly elaborated for the development of cyber security educational approaches, by adopting its design considerations that were based on widely adopted educational theories and approaches (e.g., scenario-based, reuse of elements). CRDF envisages the elaboration of CRs which optimize their impact, mitigate their weaknesses, and minimize their preparation and running costs. Under this prism, a preliminary appreciation of the CRDF approaches effectiveness is presented along with the expected outcomes of such approaches.</abstract><cop>Berlin/Heidelberg</cop><pub>Springer Berlin Heidelberg</pub><doi>10.1007/s10207-023-00680-4</doi><tpages>23</tpages><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier ISSN: 1615-5262
ispartof International journal of information security, 2023-08, Vol.22 (4), p.1005-1027
issn 1615-5262
1615-5270
language eng
recordid cdi_proquest_journals_2841659082
source SpringerNature Journals; EBSCOhost Business Source Complete
subjects Coding and Information Theory
Communications Engineering
Computer Communication Networks
Computer Science
Cryptology
Cybersecurity
Distance learning
Effectiveness
Management of Computing and Information Systems
Networks
Operating Systems
Regular Contribution
Training
title Cyber range design framework for cyber security education and training
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-25T23%3A57%3A23IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Cyber%20range%20design%20framework%20for%20cyber%20security%20education%20and%20training&rft.jtitle=International%20journal%20of%20information%20security&rft.au=Katsantonis,%20M.%20N.&rft.date=2023-08-01&rft.volume=22&rft.issue=4&rft.spage=1005&rft.epage=1027&rft.pages=1005-1027&rft.issn=1615-5262&rft.eissn=1615-5270&rft_id=info:doi/10.1007/s10207-023-00680-4&rft_dat=%3Cproquest_cross%3E2841659082%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2841659082&rft_id=info:pmid/&rfr_iscdi=true