Based Learning in Cybersecurity Incident Detection and Handling
Total Page:16
File Type:pdf, Size:1020Kb
Proceedings of the 53rd Hawaii International Conference on System Sciences | 2020 An e-ADR (elaborated Action Design Research) Approach Towards Game- based Learning in Cybersecurity Incident Detection and Handling Dixon Prem Daniel R Sundarraj R P Indian Institute of Technology – Madras Indian Institute of Technology – Madras [email protected] [email protected] Abstract provide value. We develop our gaming artefact using the e-ADR approach [6]. The growth of internet has significantly increased Cybersecurity is the top five most important IT the cybersecurity threat instances. Therefore to equip management concerns and also lists in the top five people with skills to mitigate such attacks, this paper largest IT investments [7]. The losses caused by breach provides a Cybersecurity game-based learning artefact in network security has always been an issue. As a designed using the e-ADR approach. The artefact result of lapses in security by organizations, enormous teaches the Incident Detection and Handling budgets have been set aside to protect information procedures that need to be undertaken in the event of a systems [8]. Internet has become all pervasive at home cybersecurity threat. As per NIST’s guide to malware and at workplace. Therefore online security is a high incident prevention and handling, an incident response priority task for the management in organizations, process has four major phases: preparation, detection computer users at home and also the society [9]. and analysis, containment/eradication/recovery, and Security being a primary issue, leads to expanding post-incident activity. Our gaming artefact delves into expenditures with respect to firewalls, authentication the detection and containment phase to design a game systems and other techniques that are concerned with that teaches users to detect and then perform the systems. containment actions on the cybersecurity threat. But there is another aspect to security which is not concerned with systems – the user [10]. The sophisticated security systems lose their effectiveness if passwords are mismanaged by the users [11]. Carlton 1. Introduction and Levy enumerate top platform independent skills for Non-IT Professionals to mitigate cybersecurity Research suggesting digital games could enable vulnerabilities [12]. Our artefact delves into two of the learning, Subrahmanyam and Greenfield, and De skills mentioned in the paper, prevention of malware Freitas sparked focus on commercial games [1, 2]. related incidents and password management. Games have also enabled training and learning in an Takahashi and Kadobayashi provide a reference intrinsically motivating approach [3]. This then led to ontology for cybersecurity information and look at focus attention on Game-based Learning (GBL) [2], cybersecuirty threats from the standpoint of serious games which were games with educational cybersecurity operations [13]. The security systems fail goals and had purposes other than pure entertainment if the professionals responsible for the cybersecurity [4]. The earliest games were developed to provide operations of organization do not respond effectively to training and learning [2]. The objective of our game is the threats. The severity and frequency of malware to train IT as well as non-IT professional in attacks has increased and large number of malicious cybersecurity Incident Detection and Handling software programs are affecting organizations who find procedures. These Incident Handling procedures it difficult to deal with these programs in an efficient available in NIST [5] were employed to teach the way [14]. Therefore training users to effectively handle procedures to be adopted in the event of a cybersecurity operations in an organization should be a cybersecurity threat. As part of our research project priority and this motivated us to develop our gaming we: (i) develop Game-based Learning (GBL) artefacts artefact. that train users in the concepts of cybersecurity; and (ii) embed industry experts to assess our artefacts and 2. Literature URI: https://hdl.handle.net/10125/64365 978-0-9981331-3-3 Page 5066 (CC BY-NC-ND 4.0) An increasing research interest on the ways games artefacts as emerging from interaction with the influence learning in education can be observed [15]. organization the authors in [25] proposed ADR. It is a Use of games for teaching helps us discern the effects research method for generating prescriptive design of games on motivation and cognitive development of knowledge [25]. The original process mode of ADR individuals [15, 16]. Game-based Learning describes was extended to give us the e-ADR [6] and we use the an environment in which knowledge and skill e-ADR to develop our gaming artefact. This paper is acquisition is augmented by game content and game an extension of our work in [26]. play, and where the players feel a sense of achievement as a result of game activities that involve problem 3. Research Approach & Discussion solving and challenges [15]. In recent years, gamification, which draws game design elements from games has dispersed itself into many areas. Similarly in Our development of the gaming artefacts follows the educational context which uses games for teaching the design theory proposed in the e-ADR approach. and learning, GBL has established itself [17]. There are The elaborated ADR approach puts together the studies that develop video games for students to principles of Design Science [24], Action Research promote learning in an engaging manner. [27] and is an extension of the ADR approach. The CyberCIEGE [18], is one such that provides ADR methodology consists of four stages which information assurance awareness using a construction enable generating prescriptive design knowledge [25]. and management resource simulation video game. This ADR method was elaborated by [6] to give rise to PicoCTF [19], a computer security competition for the e-ADR approach. high school students, designed to introduce computer The e-ADR [6] is an extension of the work by Sein security concepts to students at a younger age. Along et al. [25]. It consists of the following four stages: (a) the same lines there are other events such as CTF Diagnosis; (b) Design; (c) Implementation; (d) (Capture the Flag) that are computer security contests Evolution. Each stage has an intervention cycle which between teams [20]. CTFs can be considered as full- consists of five activities: (a) Problem Formulation (P); simulation cyber war-game. Such games are (b) Artefact Creation (A); (c) Evaluation (E); (d) technically demanding, Gondree, Peterson and Reflection (R); and (e) Learning (L). The e-ADR Denning target a small community of security-minded approach enables entry at any stage. We initiated our students and professionals [21]. Since the target group research project with the design stage (Figure 1). The is niche, the focus of the game design stays on game artefact went through two iterations of the design imparting the cybersecurity objectives and not on the phase and we are now in the third iteration of the nature of the interactive experience. Thus we design a design phase. We developed five gaming artefacts four game that merges the cybersecurity and gaming of which handle scenarios pertaining to Incident objectives. The gaming objectives focus on the Detection and Handling and one scenario pertains to interactive experience. Additionally the existing Password Management. These scenarios were taken cybersercurity games address: (1) threats such as from NIST [28]. The scenario objectives are provided malware, Trojan horses, un-patched software flaws that in Table 1. expose limitations in security mechanisms [22]; (2) challenges to increase computer security awareness Table 1. Game scenario objectives [23]; and so on. Despite all the measures taken to Scenarios Objectives prevent such threats, residual risks inevitably persist Network To detect the threat and learn the and no solution is foolproof [5]. We therefore depart Spike sequence of steps that minimize the from these games by designing a game that addresses [Artefact 1] threat caused by Network Spike the scenarios in which the focus is on Incident Malicious To detect the threat and learn the Detection and Handling. This game would teach the Popups sequence of steps that minimize the steps that have to be taken as part of the standard [Artefact 2] threat caused by Malicious Popups operating procedures once we detect that an attack has Password To determine the best possible occurred. We employ Design Science Research Management resource to store the password in. framework to develop our artefact. [Artefact 3] Design Science Research is a problem-solving Unfamiliar To detect the threat and learn the paradigm. It enables creation and evaluation of IT Programs sequence of steps that minimize the artefacts that help solve organizational problems [24]. [Artefact 4] threat caused by Unfamiliar Design Science follows a sequencing approach which Programs separates building from evaluating. With the growing Mysterious To detect the threat and learn the need for research method that explicitly recognizes Computer sequence of steps that minimize the Page 5067 Behaviour threat caused by Mysterious 3.1.2. Artefact 3. The objective of the game is to look [Artefact 5] Computer Behaviour for resources to store the password in the most effective way possible. The game environment (Figure 3.a) consists of resources (Figure 3.b) (tables, chairs, shelves, laptops, printers, etc.) that are part of an office. The player views the objective (Figure 3.c) which requires the player to store the given password in the most secure way possible. The player provides his answer in a screen (Figure 3.d) that opens up at the end of the game. This artefact was improved with a different game design approach. In this enhanced artefact the player could interact with the game resources as shown in Figure 4.d, Figure 4.e and Figure 4.f. Figure 1. The elaborated ADR approach 3.1. Iteration 1 The first iteration provided us insights into the type of objectives required to design the artefacts.