Capability Assessment Methodology and Comparative Analysis of Cybersecurity Training Platforms

Investor logo

Warning

This publication doesn't include Faculty of Education. It includes Institute of Computer Science. Official publication website can be found on muni.cz.
Authors

BEURAN Razvan VYKOPAL Jan BELAJOVÁ Daniela ČELEDA Pavel TAN Yasuo SHINODA Yoichi

Year of publication 2023
Type Article in Periodical
Magazine / Source Computers & Security
MU Faculty or unit

Institute of Computer Science

Citation
Web Published version on Elsevier ScienceDirect
Doi http://dx.doi.org/10.1016/j.cose.2023.103120
Keywords capability assessment; comparative analysis; cybersecurity training platforms; cyber range; cybersecurity training exercises
Description Cybersecurity training is a key endeavour for ensuring that the IT workforce possess the knowledge and practical skills required to counter the ever-increasing cybersecurity threats that our society is faced with. While some related systems, such as Capture The Flag platforms, have been available for almost one decade, platforms that support full-fledged cybersecurity training exercises have only been released as open source in recent years. Given the complexity of such cybersecurity training platforms, the question that arises is how to meaningfully evaluate and compare their capabilities in order to identify the most suitable solution for a given type of organization and/or training activity. In this paper, we introduce a capability assessment methodology for cybersecurity training platforms that focuses on the three key aspects of training: content representation, environment management, and training facilitation. The assessment tool that we developed is used to evaluate two open-source cybersecurity training platforms, CyTrONE and KYPO. We then conduct a comparative analysis of these two platforms based on our first-hand developer experience with them, and discuss the lessons learned from implementing, deploying and using these platforms. The assessment tool and the detailed technical comparative analysis that we conducted are intended as instruments and references for anyone who plans to deploy or develop cybersecurity training platforms.
Related projects:

You are running an old browser version. We recommend updating your browser to its latest version.