Risk Mitigation

Improving Cyber Defender Performance for Enhanced Enterprise Cybersecurity

Monday, September 26
1:40 pm - 2:30 pm EDT

Enterprises are increasingly subject to cyber-attacks that result in varying levels of operational impairment. Traditional cybersecurity education focuses heavily on a technical, computer-network-centric viewpoint. Because people are integral to good enterprise cybersecurity, improving the process of enterprise cybersecurity talent development merits prioritization. It is important to consider what is limiting enterprise-level cybersecurity talent development. Our research suggests four limiting factors: • Current vocabulary and logical constructs are preventing more precise dialogue, critical thinking, and exchange of ideas on enterprise cybersecurity • Modern digital enterprises are large-scale, complex, systems-of-systems that are difficult to fully understand because of human limitations in how much information they can process at one time • There is insufficient knowledge of digital enterprise types, their structure, and operation • There are numerous cybersecurity topical knowledge domains and risk management frameworks leading to fragmented or underdeveloped skills for assuring enterprise cybersecurity Each identified limitation creates an opportunity for improvement. A traditional cyber range is useful for teaching network and device security. What is the analog for teaching enterprise cybersecurity? Version 1.0 of a novel Integrated Virtual Learning Environment for Cybersecurity (IVLE4CTM) has been developed specifically for lifting students’ focus to the enterprise and is currently in use. It contains two key elements: an abstracted reality model of an enterprise attack surface and a well-known risk management work process. Both are integrated into a single virtual learning environment. IVLE4C is purpose built for teaching students and employees how to develop and support an optimized risk management plan for assuring enterprise cybersecurity.

InfoSec World
presented by
Stay Informed
Join our mailing list for the latest news on InfoSec World 2022.