Cybersecurity challenges in industry: measuring the challenge solve time to inform future challenges

Detalhes bibliográficos
Autor(a) principal: Gasiba, T.
Data de Publicação: 2020
Outros Autores: Lechner, U., Pinto-Albuquerque, M.
Tipo de documento: Artigo
Idioma: eng
Título da fonte: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Texto Completo: http://hdl.handle.net/10071/21498
Resumo: Cybersecurity vulnerabilities in industrial control systems have been steadily increasing over the last few years. One possible way to address this issue is through raising the awareness (through education) of software developers, with the intent to increase software quality and reduce the number of vulnerabilities. CyberSecurity Challenges (CSCs) are a novel serious game genre that aims to raise industrial software developers' awareness of secure coding, secure coding guidelines, and secure coding best practices. An important industry-specific requirement to consider in designing these kinds of games is related to the whole event's duration and how much time it takes to solve each challenge individually-the challenge solve time. In this work, we present two different methods to compute the challenge solve time: one method based on data collected from the CSC dashboard and another method based on a challenge heartbeat. The results obtained by both methods are presented; both methods are compared to each other, and the advantages and limitations of each method are discussed. Furthermore, we introduce the notion of a player profile, which is derived from dashboard data. Our results and contributions aim to establish a method to measure the challenge solve time, inform the design of future challenges, and improve coaching during CSC gameplay.
id RCAP_48942978a1ee535963e45373f016ee9e
oai_identifier_str oai:repositorio.iscte-iul.pt:10071/21498
network_acronym_str RCAP
network_name_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository_id_str 7160
spelling Cybersecurity challenges in industry: measuring the challenge solve time to inform future challengesEducationTrainingSecure codingIndustryCybersecurityCapture-the-flagGame analysisCybersecurity challengeChallenge solve timeCybersecurity vulnerabilities in industrial control systems have been steadily increasing over the last few years. One possible way to address this issue is through raising the awareness (through education) of software developers, with the intent to increase software quality and reduce the number of vulnerabilities. CyberSecurity Challenges (CSCs) are a novel serious game genre that aims to raise industrial software developers' awareness of secure coding, secure coding guidelines, and secure coding best practices. An important industry-specific requirement to consider in designing these kinds of games is related to the whole event's duration and how much time it takes to solve each challenge individually-the challenge solve time. In this work, we present two different methods to compute the challenge solve time: one method based on data collected from the CSC dashboard and another method based on a challenge heartbeat. The results obtained by both methods are presented; both methods are compared to each other, and the advantages and limitations of each method are discussed. Furthermore, we introduce the notion of a player profile, which is derived from dashboard data. Our results and contributions aim to establish a method to measure the challenge solve time, inform the design of future challenges, and improve coaching during CSC gameplay.MDPI2021-01-25T11:52:11Z2020-01-01T00:00:00Z20202021-01-25T11:51:27Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/articlehttp://hdl.handle.net/10071/21498eng2078-248910.3390/info11110533Gasiba, T.Lechner, U.Pinto-Albuquerque, M.info:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2023-11-09T17:46:12Zoai:repositorio.iscte-iul.pt:10071/21498Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-19T22:22:10.986094Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse
dc.title.none.fl_str_mv Cybersecurity challenges in industry: measuring the challenge solve time to inform future challenges
title Cybersecurity challenges in industry: measuring the challenge solve time to inform future challenges
spellingShingle Cybersecurity challenges in industry: measuring the challenge solve time to inform future challenges
Gasiba, T.
Education
Training
Secure coding
Industry
Cybersecurity
Capture-the-flag
Game analysis
Cybersecurity challenge
Challenge solve time
title_short Cybersecurity challenges in industry: measuring the challenge solve time to inform future challenges
title_full Cybersecurity challenges in industry: measuring the challenge solve time to inform future challenges
title_fullStr Cybersecurity challenges in industry: measuring the challenge solve time to inform future challenges
title_full_unstemmed Cybersecurity challenges in industry: measuring the challenge solve time to inform future challenges
title_sort Cybersecurity challenges in industry: measuring the challenge solve time to inform future challenges
author Gasiba, T.
author_facet Gasiba, T.
Lechner, U.
Pinto-Albuquerque, M.
author_role author
author2 Lechner, U.
Pinto-Albuquerque, M.
author2_role author
author
dc.contributor.author.fl_str_mv Gasiba, T.
Lechner, U.
Pinto-Albuquerque, M.
dc.subject.por.fl_str_mv Education
Training
Secure coding
Industry
Cybersecurity
Capture-the-flag
Game analysis
Cybersecurity challenge
Challenge solve time
topic Education
Training
Secure coding
Industry
Cybersecurity
Capture-the-flag
Game analysis
Cybersecurity challenge
Challenge solve time
description Cybersecurity vulnerabilities in industrial control systems have been steadily increasing over the last few years. One possible way to address this issue is through raising the awareness (through education) of software developers, with the intent to increase software quality and reduce the number of vulnerabilities. CyberSecurity Challenges (CSCs) are a novel serious game genre that aims to raise industrial software developers' awareness of secure coding, secure coding guidelines, and secure coding best practices. An important industry-specific requirement to consider in designing these kinds of games is related to the whole event's duration and how much time it takes to solve each challenge individually-the challenge solve time. In this work, we present two different methods to compute the challenge solve time: one method based on data collected from the CSC dashboard and another method based on a challenge heartbeat. The results obtained by both methods are presented; both methods are compared to each other, and the advantages and limitations of each method are discussed. Furthermore, we introduce the notion of a player profile, which is derived from dashboard data. Our results and contributions aim to establish a method to measure the challenge solve time, inform the design of future challenges, and improve coaching during CSC gameplay.
publishDate 2020
dc.date.none.fl_str_mv 2020-01-01T00:00:00Z
2020
2021-01-25T11:52:11Z
2021-01-25T11:51:27Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/article
format article
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10071/21498
url http://hdl.handle.net/10071/21498
dc.language.iso.fl_str_mv eng
language eng
dc.relation.none.fl_str_mv 2078-2489
10.3390/info11110533
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.publisher.none.fl_str_mv MDPI
publisher.none.fl_str_mv MDPI
dc.source.none.fl_str_mv reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron:RCAAP
instname_str Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron_str RCAAP
institution RCAAP
reponame_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
collection Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository.name.fl_str_mv Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
repository.mail.fl_str_mv
_version_ 1799134783428624384

Registros relacionados