Cybersecurity challenges in industry: measuring the challenge solve time to inform future challenges
Autor(a) principal: | |
---|---|
Data de Publicação: | 2020 |
Outros Autores: | , |
Tipo de documento: | Artigo |
Idioma: | eng |
Título da fonte: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
Texto Completo: | http://hdl.handle.net/10071/21498 |
Resumo: | Cybersecurity vulnerabilities in industrial control systems have been steadily increasing over the last few years. One possible way to address this issue is through raising the awareness (through education) of software developers, with the intent to increase software quality and reduce the number of vulnerabilities. CyberSecurity Challenges (CSCs) are a novel serious game genre that aims to raise industrial software developers' awareness of secure coding, secure coding guidelines, and secure coding best practices. An important industry-specific requirement to consider in designing these kinds of games is related to the whole event's duration and how much time it takes to solve each challenge individually-the challenge solve time. In this work, we present two different methods to compute the challenge solve time: one method based on data collected from the CSC dashboard and another method based on a challenge heartbeat. The results obtained by both methods are presented; both methods are compared to each other, and the advantages and limitations of each method are discussed. Furthermore, we introduce the notion of a player profile, which is derived from dashboard data. Our results and contributions aim to establish a method to measure the challenge solve time, inform the design of future challenges, and improve coaching during CSC gameplay. |
id |
RCAP_48942978a1ee535963e45373f016ee9e |
---|---|
oai_identifier_str |
oai:repositorio.iscte-iul.pt:10071/21498 |
network_acronym_str |
RCAP |
network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository_id_str |
7160 |
spelling |
Cybersecurity challenges in industry: measuring the challenge solve time to inform future challengesEducationTrainingSecure codingIndustryCybersecurityCapture-the-flagGame analysisCybersecurity challengeChallenge solve timeCybersecurity vulnerabilities in industrial control systems have been steadily increasing over the last few years. One possible way to address this issue is through raising the awareness (through education) of software developers, with the intent to increase software quality and reduce the number of vulnerabilities. CyberSecurity Challenges (CSCs) are a novel serious game genre that aims to raise industrial software developers' awareness of secure coding, secure coding guidelines, and secure coding best practices. An important industry-specific requirement to consider in designing these kinds of games is related to the whole event's duration and how much time it takes to solve each challenge individually-the challenge solve time. In this work, we present two different methods to compute the challenge solve time: one method based on data collected from the CSC dashboard and another method based on a challenge heartbeat. The results obtained by both methods are presented; both methods are compared to each other, and the advantages and limitations of each method are discussed. Furthermore, we introduce the notion of a player profile, which is derived from dashboard data. Our results and contributions aim to establish a method to measure the challenge solve time, inform the design of future challenges, and improve coaching during CSC gameplay.MDPI2021-01-25T11:52:11Z2020-01-01T00:00:00Z20202021-01-25T11:51:27Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/articlehttp://hdl.handle.net/10071/21498eng2078-248910.3390/info11110533Gasiba, T.Lechner, U.Pinto-Albuquerque, M.info:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2023-11-09T17:46:12Zoai:repositorio.iscte-iul.pt:10071/21498Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-19T22:22:10.986094Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse |
dc.title.none.fl_str_mv |
Cybersecurity challenges in industry: measuring the challenge solve time to inform future challenges |
title |
Cybersecurity challenges in industry: measuring the challenge solve time to inform future challenges |
spellingShingle |
Cybersecurity challenges in industry: measuring the challenge solve time to inform future challenges Gasiba, T. Education Training Secure coding Industry Cybersecurity Capture-the-flag Game analysis Cybersecurity challenge Challenge solve time |
title_short |
Cybersecurity challenges in industry: measuring the challenge solve time to inform future challenges |
title_full |
Cybersecurity challenges in industry: measuring the challenge solve time to inform future challenges |
title_fullStr |
Cybersecurity challenges in industry: measuring the challenge solve time to inform future challenges |
title_full_unstemmed |
Cybersecurity challenges in industry: measuring the challenge solve time to inform future challenges |
title_sort |
Cybersecurity challenges in industry: measuring the challenge solve time to inform future challenges |
author |
Gasiba, T. |
author_facet |
Gasiba, T. Lechner, U. Pinto-Albuquerque, M. |
author_role |
author |
author2 |
Lechner, U. Pinto-Albuquerque, M. |
author2_role |
author author |
dc.contributor.author.fl_str_mv |
Gasiba, T. Lechner, U. Pinto-Albuquerque, M. |
dc.subject.por.fl_str_mv |
Education Training Secure coding Industry Cybersecurity Capture-the-flag Game analysis Cybersecurity challenge Challenge solve time |
topic |
Education Training Secure coding Industry Cybersecurity Capture-the-flag Game analysis Cybersecurity challenge Challenge solve time |
description |
Cybersecurity vulnerabilities in industrial control systems have been steadily increasing over the last few years. One possible way to address this issue is through raising the awareness (through education) of software developers, with the intent to increase software quality and reduce the number of vulnerabilities. CyberSecurity Challenges (CSCs) are a novel serious game genre that aims to raise industrial software developers' awareness of secure coding, secure coding guidelines, and secure coding best practices. An important industry-specific requirement to consider in designing these kinds of games is related to the whole event's duration and how much time it takes to solve each challenge individually-the challenge solve time. In this work, we present two different methods to compute the challenge solve time: one method based on data collected from the CSC dashboard and another method based on a challenge heartbeat. The results obtained by both methods are presented; both methods are compared to each other, and the advantages and limitations of each method are discussed. Furthermore, we introduce the notion of a player profile, which is derived from dashboard data. Our results and contributions aim to establish a method to measure the challenge solve time, inform the design of future challenges, and improve coaching during CSC gameplay. |
publishDate |
2020 |
dc.date.none.fl_str_mv |
2020-01-01T00:00:00Z 2020 2021-01-25T11:52:11Z 2021-01-25T11:51:27Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/article |
format |
article |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/10071/21498 |
url |
http://hdl.handle.net/10071/21498 |
dc.language.iso.fl_str_mv |
eng |
language |
eng |
dc.relation.none.fl_str_mv |
2078-2489 10.3390/info11110533 |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.publisher.none.fl_str_mv |
MDPI |
publisher.none.fl_str_mv |
MDPI |
dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
instacron_str |
RCAAP |
institution |
RCAAP |
reponame_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
collection |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository.name.fl_str_mv |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
repository.mail.fl_str_mv |
|
_version_ |
1799134783428624384 |