nach oben

Erschienen in:

2019 | OriginalPaper | Buchkapitel

Teaching as a Collaborative Practice: Reframing Security Practitioners as Navigators

verfasst von : Patricia A. H. Williams, Lizzie Coles-Kemp

Erschienen in: Transactions on Edutainment XV

Verlag: Springer Berlin Heidelberg

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The need is growing for a workforce with both technical skills and the ability to navigate existing and emerging information security challenges. Practitioners can no longer depend upon process-driven approaches to people, processes and IT systems to manage information security. They need to be navigators of the entire environment to effectively integrate controls to protect information and technology. The research presented in this paper trialed an innovative tactile learning activity developed through the European Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security (TREsPASS) project with tertiary education students, designed to provide students with experience in real-world modelling of complex information security scenarios. The outcomes demonstrate that constructing such models in an educational setting are a means of encouraging exploration of the multiple dimensions of security. Such teaching may be a means of teaching social, organization and technical navigation skills necessary to integrate security controls in complex settings.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Cybersecurity Curriculum Design: A Survey

Nächstes Kapitel Pedagogical Approach to Effective Cybersecurity Teaching

Australian Government: Protective Security Policy Framework. Australian Government, Attorney-General’s Department (2016). https://www.protectivesecurity.gov.au/informationsecurity/Pages/default.aspx. Accessed 30 Nov 2017

GOV.UK: Security Policy Framework. Cabinet Office, Government Security Profession and National Security Intelligence (2014). https://www.gov.uk/government/publications/security-policy-framework. Accessed 30 Nov 2017

TechWorld: 28 of the most infamous data breaches (2017). https://www.techworld.com/security/uks-most-infamous-data-breaches-3604586/. Accessed 30 Nov 2017

Burdon, M., Siganto, J., Coles-Kemp, L.: The regulatory challenges of Australian information security practice. Comput. Law Secur. Rev. 32(4), 623–633 (2016)CrossRef

NCSC: CESG Certification for IA Professionals and Guidance to Certification for IA Professionals documents. National Technical Authority for Information Assurance, UK. (2015). https://www.ncsc.gov.uk/articles/cesg-certification-ia-professionals-and-guidance-certification-ia-professionals-documents. Accessed 30 Nov 2017

November, V., Camacho-Hübner, E., Latour, B.: Entering a risky territory: space in the age of digital navigation. Environ. Plan. D Soc. Space 28(4), 581–599 (2010)CrossRef

Coles-Kemp, L., Overill, R.E.: On the role of the facilitator in information security risk assessment. J. Comput. Virol. 3(2), 143–148 (2007)CrossRef

Vasenev, A., Montoya, L., Ceccarelli, A., Le, A., Ionita, D.: Threat navigator: grouping and ranking malicious external threats to current and future urban smart grids. In: Hu, J., Leung, Victor C.M., Yang, K., Zhang, Y., Gao, J., Yang, S. (eds.) Smart Grid Inspired Future Technologies. LNICST, vol. 175, pp. 184–192. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-47729-9_19CrossRef

de Leeuw, K.M.M., Bergstra, J.: The History of Information Security: A Comprehensive Handbook. Elsevier, Amsterdam (2007)

10.

Saltzer, J., Schroeder, M.: The protection of information in computer systems. Proc. IEEE 63(9), 1278–1308 (1975)CrossRef

11.

Reece, R., Stahl, B.: The professionalisation of information security: perspectives of UK practitioners. Comput. Secur. 48, 182–195 (2015)CrossRef

12.

ISO: ISO/IEC 27000:2016 Information technology – Security techniques – Information security management systems – Overview and vocabulary (2016). https://www.iso.org/standard/66435.html. Accessed 30 Nov 2017

13.

NIST: Cybersecurity Framework. National Institute of Standards and Technology (2014). https://www.nist.gov/cyberframework. Accessed 30 Nov 2017

14.

Giranldi, B., Martin, D., Nguyen-Duy, J., Santana, M., Schwartz, E., Weber, D.: Transforming traditional security strategies into an early warning system for advanced threats: big data propels SIEM into the era of security analytics. RSA Secur. Brief 11 (2012). https://www.emc.com/collateral/software/solution-overview/h11031-transforming-traditional-security-strategies-so.pdf. Accessed 30 Nov 2017

15.

CISCO: Internet of Everything (IoE) value index (2013). http://internetofeverything.cisco.com/sites/default/files/docs/en/ioe-value-index_Whitepaper.pdf. Accessed 30 Nov 2017

16.

Shedden, P., Scheepers, R., Smith, W., Ahmad, A.: Incorporating a knowledge perspective into security risk assessments. VINE J. Knowl. Manag. 41(2), 152–166 (2011)

17.

Hansen, L., Nissenbaum, H.: Digital disaster, cyber security, and the copenhagen school. Int. Stud. Q. 53(4), 1155–1175 (2009)CrossRef

18.

Libicki, M., Senty, D., Pollak, J.: Hackers Wanted: An Examination of the Cybersecurity Labor Market. RAND Corporation, Santa Monica (2014)CrossRef

19.

National Audit Office: The digital skills gap in government: survey findings (2017). https://www.nao.org.uk/report/the-digital-skills-gap-in-government-survey-findings/. Accessed 30 Nov 2017

20.

Frost and Sullivan: The 2015 (ISC)2 Global Information Security Workforce Study (2015). https://www.boozallen.com/content/dam/boozallen/documents/Viewpoints/2015/04/frostsullivan-ISC2-global-information-security-workforce-2015.pdf. Accessed 30 Nov 2017

21.

SFIA Foundation: SFIA 5 Framework Reference (2017). https://www.sfia-online.org/en/sfia-5. Accessed 30 Nov 2017

22.

Universities Australia: Landmark strategy to make graduates more ‘job ready’ (2015). https://www.universitiesaustralia.edu.au/news/media-releases/Landmark-strategy-to-make-graduates-more–job-ready-#.WEMoFfl97D4. Accessed 30 Nov 2017

23.

Bloom, B., Englehart, M., Furst, E., Hill, W., Krathwohl, D.: Taxonomy of Educational Objectives: The Classification of Educational Goals. Handbook I: Cognitive Domain. Longmans Green, New York (1956)

24.

University Alliance: Job Ready: universities, employers and students creating success (2014). http://www.unialliance.ac.uk/wp-content/uploads/2014/07/UA06_JOB_READY_web.pdf. Accessed 30 Nov 2017

25.

Norton, A., Cakitaki, B.: Mapping Australian higher education 2016, Grattan Institute (2016). http://grattan.edu.au/wp-content/uploads/2016/08/875-Mapping-Australian-Higher-Education-2016.pdf. Accessed 30 Nov 2017

26.

Matthews, K.E., Mercer-Mapstone, L.D.: Toward curriculum convergence for graduate learning outcomes: academic intentions and student experiences. Stud. High. Educ., 1–16 (2016). https://doi.org/10.1080/03075079.2016.1190704

27.

ACS: Common ICT job profiles & indicators of skills mobility: ICT skills white paper. Australian Computer Society (2013). http://www.acs.org.au/information-resources/ict-skills-white-paper. Accessed 30 Nov 2017

28.

Hentea, M., Dhillon, H.S., Dhillon, M.: Towards changes in information security education. J. Inf. Technol. Educ. 5, 221–233 (2006)

29.

Yasinsac, A.: Information security curricula in computer science departments: theory and practice. Georg. Wash. Univ. J. Inf. Secur. 1(2), 5 (2002)

30.

Lewis, M., Coles-Kemp, L.: I’ve Got Something To Say: The Use of Animation to Create a Meta-Story about Professional Identity (2014). https://www.riscs.org.uk/2014/06/22/ive-got-something-to-say-the-use-of-animation-to-create-a-meta-story-about-professional-identitylewis-m-coles-kemp-l/. Accessed 25 Nov 2017

31.

TREsPASS: EU TREsPASS (Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security) project (2015). http://www.trespass-project.eu/. Accessed 20 Nov 2017

32.

Coles-Kemp, L.: TREsPASS Exploring Risk (2016). https://bookleteer.com/collection.html?id=27

33.

Conklin, A.: Cyber defense competitions and information security education: an active learning solution for a capstone course. In: Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS 2006) (2006)

34.

He, W., Kshirsagar, A., Nwala, A., Li, Y.: Teaching information security with workflow technology–a case study approach. J. Inf. Syst. Educ. 25(3), 201+ (2014)

35.

Zurita, H., Maynard, S., Ahmad, A.: Evaluating the utility of research articles for teaching information security management. In: Proceeding of Australasian Conference on Information Systems 2015 (2016). https://arxiv.org/abs/1606.01448

36.

Bailey, B.P., Biehl, J.T., Cook, D.J., Metcalf, H.E.: Adapting paper prototyping for designing user interfaces for multiple display environments. Pers. Ubiquitous Comput. 12(3), 269–277 (2008). https://doi.org/10.1007/s00779-007-0147-2CrossRef

37.

Tonkin, E.: Multilayered paper prototyping for user concept modeling: supporting the development of application profiles. In: Proceedings of the International Conference on Dublin Core and Metadata Applications, 2009, pp. 51–60 (2009)

38.

Linek, S.B., Tochtermann, K.: Paper prototyping: the surplus merit of a multi-method approach. Forum Qual. Soc. Res. 16(3) (2015)

39.

OECD: Digital Security Risk Management for Economic and Social Prosperity: OECD Recommendation and Companion Document (2015). https://doi.org/10.1787/9789264245471-en, http://www.oecd.org/sti/ieconomy/digital-security-risk-management.pdf. Accessed 02 Nov 2017

40.

NIST: Managing Information Security Risk Organization, Mission, and Information System View, NIST Special Publication 800-39, 88 (2011). http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf. Accessed 30 Nov 2017

41.

Kirschner, P.A., Ayres, P., Chandler, P.: Contemporary cognitive load theory research: the good, the bad and the ugly. Comput. Hum. Behav. 27(1), 99–105 (2011)CrossRef

42.

Sweller, J.: Cognitive load during problem solving: effects on learning. Cogn. Sci. 12(2), 257–285 (1988)CrossRef

43.

Kalyuga, S., Hanham, J.: Instructing in generalized knowledge structures to develop flexible problem solving skills. Comput. Hum. Behav. 27(1), 63–68 (2011)CrossRef

44.

Kirschner, F., Paas, F., Kirschner, P.A.: Superiority of collaborative learning with complex tasks: a research note on an alternative affective explanation. Comput. Hum. Behav. 27(1), 53–57 (2011)CrossRef

45.

Swords, J., Askins, K., Jeffries, M., Butcher, C.: Geographic visualisation: lessons for learning and teaching. Planet 27(2), 6–13 (2013). https://doi.org/10.11120/plan.2013.00001CrossRef

46.

Hall, P., Heath, C., Coles-Kemp, L., Tanner, A.: Examining the contribution of critical visualisation to information security. In: Proceedings of the 2015 New Security Paradigms Workshop 2015, pp. 59–72. ACM, September 2015

47.

TReSPASS mapping tools and techniques for cyber security. https://visualisation.trespass-project.eu/ Accessed 24 Feb 2017

48.

AISA: The Australian Cyber Security Skills Shortage Study 2016. Australian Information Security Association (2016). https://www.aisa.org.au/Public/Training_Pages/Research/AISA%20Cyber%20security%20skills%20shortage%20research.aspx. Accessed 30 Nov 2017

Titel: Teaching as a Collaborative Practice: Reframing Security Practitioners as Navigators
verfasst von: Patricia A. H. Williams
Lizzie Coles-Kemp
Verlag: Springer Berlin Heidelberg
Buch: Transactions on Edutainment XV
Print ISBN: 978-3-662-59350-9

Electronic ISBN: 978-3-662-59351-6

Copyright-Jahr: 2019
DOI: https://doi.org/10.1007/978-3-662-59351-6_10

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"