Capability Assessment Methodology and Comparative Analysis of Cybersecurity Training Platforms
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F23%3A00130278" target="_blank" >RIV/00216224:14610/23:00130278 - isvavai.cz</a>
Result on the web
<a href="https://www.sciencedirect.com/science/article/pii/S0167404823000305" target="_blank" >https://www.sciencedirect.com/science/article/pii/S0167404823000305</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1016/j.cose.2023.103120" target="_blank" >10.1016/j.cose.2023.103120</a>
Alternative languages
Result language
angličtina
Original language name
Capability Assessment Methodology and Comparative Analysis of Cybersecurity Training Platforms
Original language description
Cybersecurity training is a key endeavour for ensuring that the IT workforce possess the knowledge and practical skills required to counter the ever-increasing cybersecurity threats that our society is faced with. While some related systems, such as Capture The Flag platforms, have been available for almost one decade, platforms that support full-fledged cybersecurity training exercises have only been released as open source in recent years. Given the complexity of such cybersecurity training platforms, the question that arises is how to meaningfully evaluate and compare their capabilities in order to identify the most suitable solution for a given type of organization and/or training activity. In this paper, we introduce a capability assessment methodology for cybersecurity training platforms that focuses on the three key aspects of training: content representation, environment management, and training facilitation. The assessment tool that we developed is used to evaluate two open-source cybersecurity training platforms, CyTrONE and KYPO. We then conduct a comparative analysis of these two platforms based on our first-hand developer experience with them, and discuss the lessons learned from implementing, deploying and using these platforms. The assessment tool and the detailed technical comparative analysis that we conducted are intended as instruments and references for anyone who plans to deploy or develop cybersecurity training platforms.
Czech name
—
Czech description
—
Classification
Type
J<sub>imp</sub> - Article in a specialist periodical, which is included in the Web of Science database
CEP classification
—
OECD FORD branch
10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)
Result continuities
Project
<a href="/en/project/EF16_019%2F0000822" target="_blank" >EF16_019/0000822: CyberSecurity, CyberCrime and Critical Information Infrastructures Center of Excellence</a><br>
Continuities
P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach
Others
Publication year
2023
Confidentiality
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Data specific for result type
Name of the periodical
Computers & Security
ISSN
0167-4048
e-ISSN
1872-6208
Volume of the periodical
128
Issue of the periodical within the volume
103120
Country of publishing house
NL - THE KINGDOM OF THE NETHERLANDS
Number of pages
14
Pages from-to
1-14
UT code for WoS article
000934040600001
EID of the result in the Scopus database
2-s2.0-85147546584