Abstract
A holistic approach to security can be introduced by using a model that binds security measures with costs and security metrics. We describe exercises based on the graded security model, and supported by an expert system that are used for training both general managers and security experts. Trainees have to solve a number of problems under conditions that correspond to a realistic critical information infrastructure security planning situation, with the level of details depending on the expertise of trainees.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Estonian Information System Authority: Three-level IT baseline security system ISKE. https://www.ria.ee/iske-en
German Federal Office for Information Security (BSI): BSI-Standard 100-2 IT Grundschutz Methodology. https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/BSIStandards/standard_100-2_e_pdf.pdf
Kivimaa, J., Kirt, T.: Evolutionary algorithms for optimal selection of security measures. In: Ottis, R. (ed.) Proceedigs of the 10th European Conferences on Information Warfare and Security, pp. 172–184. Academic Publishers, Reading, UK (2011)
Kivimaa, J., Ojamaa, A., Tyugu, E.: Graded security expert system. In: Setola, R., Geretshuber, S. (eds.) CRITIS 2008. LNCS, vol. 5508, pp. 279–286. Springer, Heidelberg (2009)
Kivimaa, J., Ojamaa, A., Tyugu, E.: Managing evolving security situations. In: Unclassified Proceedings of the MILCOM 2009, 18–21 October 2009. IEEE, Piscataway (2009)
Leidos: CyberNEXS Cyber Security Training. https://www.leidos.com/cybersecurity/solutions/CyberNEXS
Lobsenz, G.: DOE Adopts New “Graded” Terrorist Protection Policy (2008). http://pogoarchives.org/m/nss/energydaily-20080826.pdf
Modeling and Simulation Group at IoC: CoCoViLa model-based software development platform. http://www.cs.ioc.ee/cocovila/
Tallinn University of Technology: Cyber security master’s programme. http://www.ttu.ee/studying/masters/masters_programmes/cyber-security/
Thompson, M., Irvine, C.: Active learning with the CyberCIEGE video game. In: Proceedings of the 4th Conference on Cyber Security Experimentation and Test, CSET 2011. USENIX Association, Berkeley (2011)
U.S. DoD, Defense Information Systems Agency: CyberProtect, version 1.1. http://iase.disa.mil/eta/
U.S. DoE, Office of Information Resources: DOE O 470.3B, Graded Security Protection (GSP) Policy. https://www.directives.doe.gov/directives/0470.3-BOrder-b/view
Acknowledgements
The authors appreciate the support of the Estonian Academy of Sciences, the target funding project SF0140007s12 of Estonian Ministry of Education and Research, the European Regional Development Fund (ERDF) through Estonian Centre of Excellence in Computer Science (EXCS) project and the project No. 3.2.1201.13-0026 Model-based Java software development technology.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Ojamaa, A., Tyugu, E. (2016). Enterprise Security Analysis and Training Experience. In: Panayiotou, C., Ellinas, G., Kyriakides, E., Polycarpou, M. (eds) Critical Information Infrastructures Security. CRITIS 2014. Lecture Notes in Computer Science(), vol 8985. Springer, Cham. https://doi.org/10.1007/978-3-319-31664-2_21
Download citation
DOI: https://doi.org/10.1007/978-3-319-31664-2_21
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-31663-5
Online ISBN: 978-3-319-31664-2
eBook Packages: Computer ScienceComputer Science (R0)