pull/218/head
Delta-Sierra 2021-09-20 09:51:52 +02:00
parent 929b5cb429
commit f1e702c638
2 changed files with 250 additions and 246 deletions

View File

@ -2,7 +2,9 @@
"namespace": "interactive-cyber-training-audience",
"description": "Describes the target of cyber training and education.",
"version": 1,
"refs": ["https://arxiv.org/abs/2101.05538"],
"refs": [
"https://arxiv.org/abs/2101.05538"
],
"expanded": "Interactive Cyber Training - Audience",
"predicates": [
{
@ -25,127 +27,127 @@
"expanded": "Target Audience",
"description": "Target audience describes the audience, which is targeted by the training."
}
],
"values": [
{
"predicate": "sector",
"entry": [
{
"value": "academic-school",
"expanded": "Academic - School",
"description": "The focus is on the principles underlying cybersecurity, ranging from theoretical to applied, at school level."
},
{
"value": "academic-university",
"expanded": "Academic - University",
"description": "The focus is on the principles underlying cybersecurity, ranging from theoretical to applied, at university level."
},
{
"value": "public-government",
"expanded": "Public - Government",
"description": "In public sector such as government, Cybersecurity is seen as tool to protect the public interest. Hence, it emphasizes on developing policies and systems to implement laws and regulations."
},
{
"value": "public-authorities",
"expanded": "Public - Authorities",
"description": "In public sector such as authorities, Cybersecurity is seen as tool to protect the public interest. Hence, it emphasizes on developing policies and systems to implement laws and regulations."
},
{
"value": "public-ngo",
"expanded": "Public - NGO",
"description": "In public sector such as NGO, Cybersecurity is seen as tool to protect the public interest. Hence, it emphasizes on developing policies and systems to implement laws and regulations."
},
{
"value": "public-military",
"expanded": "Public - Military",
"description": "In public sector such as military sector, Cybersecurity is seen as tool to protect the public interest. Hence, it emphasizes on developing policies and systems to implement laws and regulations."
},
{
"value": "private",
"expanded": "Private",
"description": "The private sector and industry focuses more on protecting its investments. The effectiveness of security mechanisms and people are more important than principles they embody."
}
]
},
{
"predicate": "purpose",
"entry": [
{
"value": "awareness",
"expanded": "Awareness",
"description": "This training should be used to raise the awareness in multiple and different security threats."
},
{
"value": "skills",
"expanded": "Skills",
"description": "This training should be used to recognize the different skill levels of the participants so that can they be improved in a targeted manner."
},
{
"value": "collaboration",
"expanded": "Collaboration",
"description": "This training should be used to improve the cooperation within a team or beyond."
},
{
"value": "communication",
"expanded": "Communication",
"description": "This training should be used to increase the efficiency of internal and external communication in case of an incident."
},
{
"value": "leadership",
"expanded": "Leadership",
"description": "This training should be used to improve the management and coordination of the responsible entities."
}
]
},
{
"predicate": "proficiency-level",
"entry": [
{
"value": "beginner",
"expanded": "Beginner",
"description": "The lowest level. Beginner are limited in abilities and knowledge. They have the possibility to use foundational conceptual and procedural knowledge in a controlled and limited environment. Beginners cannot solve critical tasks and need significant supervision. They are able to perform daily processing tasks. The focus is on learning."
},
{
"value": "professional",
"expanded": "Professional",
"description": "The mid level. Professionals have deeper knowledge and understanding in specific sectors. For these sectors they are able to complete tasks as requested. Sometimes supervision is needed but usually they perform independently. The focus is on enhancing and applying existing knowledge."
},
{
"value": "expert",
"expanded": "Expert",
"description": "The highest level. Experts have deeper knowledge and understanding in different sectors. They complete tasks self-dependent and have the possibilities to achieve goals in the most effective and efficient way. Experts have comprehensive understanding and abilities to lead and train others. The focus is on strategic action."
}
]
},
{
"predicate": "target-audience",
"entry": [
{
"value": "student-trainee",
"expanded": "Student/Trainee",
"description": "Student and trainees have little to none practical knowledge. Training can be used for students and trainees, to enhance their knowledge and to practice theoretical courses."
},
{
"value": "it-user",
"expanded": "IT User",
"description": "IT users use the IT but have little to none knowledge about IT security. Users can get trained to understand principles of IT security and to grow awareness."
},
{
"value": "it-professional",
"expanded": "IT Professional",
"description": "Professionals have little to medium knowledge about IT security. Their professional focus is in specific sectors, therefore, they receive IT security knowledge for their sectors."
},
{
"value": "it-specialist",
"expanded": "IT Specialist",
"description": "Specialists already have a comprehensive knowledge in IT security. Therefore, the training is focussed on specific aspects."
},
{
"value": "management",
"expanded": "Management",
"description": "Management has little knowledge about IT security, but a broad overview. By the training, management can understand changed settings better."
}
]
}
],
"values": [
{
"predicate": "sector",
"entry": [
{
"value": "academic-school",
"expanded": "Academic - School",
"description": "The focus is on the principles underlying cybersecurity, ranging from theoretical to applied, at school level."
},
{
"value": "academic-university",
"expanded": "Academic - University",
"description": "The focus is on the principles underlying cybersecurity, ranging from theoretical to applied, at university level."
},
{
"value": "public-government",
"expanded": "Public - Government",
"description": "In public sector such as government, Cybersecurity is seen as tool to protect the public interest. Hence, it emphasizes on developing policies and systems to implement laws and regulations."
},
{
"value": "public-authorities",
"expanded": "Public - Authorities",
"description": "In public sector such as authorities, Cybersecurity is seen as tool to protect the public interest. Hence, it emphasizes on developing policies and systems to implement laws and regulations."
},
{
"value": "public-ngo",
"expanded": "Public - NGO",
"description": "In public sector such as NGO, Cybersecurity is seen as tool to protect the public interest. Hence, it emphasizes on developing policies and systems to implement laws and regulations."
},
{
"value": "public-military",
"expanded": "Public - Military",
"description": "In public sector such as military sector, Cybersecurity is seen as tool to protect the public interest. Hence, it emphasizes on developing policies and systems to implement laws and regulations."
},
{
"value": "private",
"expanded": "Private",
"description": "The private sector and industry focuses more on protecting its investments. The effectiveness of security mechanisms and people are more important than principles they embody."
}
]
},
{
"predicate": "purpose",
"entry": [
{
"value": "awareness",
"expanded": "Awareness",
"description": "This training should be used to raise the awareness in multiple and different security threats."
},
{
"value": "skills",
"expanded": "Skills",
"description": "This training should be used to recognize the different skill levels of the participants so that can they be improved in a targeted manner."
},
{
"value": "collaboration",
"expanded": "Collaboration",
"description": "This training should be used to improve the cooperation within a team or beyond."
},
{
"value": "communication",
"expanded": "Communication",
"description": "This training should be used to increase the efficiency of internal and external communication in case of an incident."
},
{
"value": "leadership",
"expanded": "Leadership",
"description": "This training should be used to improve the management and coordination of the responsible entities."
}
]
},
{
"predicate": "proficiency-level",
"entry": [
{
"value": "beginner",
"expanded": "Beginner",
"description": "The lowest level. Beginner are limited in abilities and knowledge. They have the possibility to use foundational conceptual and procedural knowledge in a controlled and limited environment. Beginners cannot solve critical tasks and need significant supervision. They are able to perform daily processing tasks. The focus is on learning."
},
{
"value": "professional",
"expanded": "Professional",
"description": "The mid level. Professionals have deeper knowledge and understanding in specific sectors. For these sectors they are able to complete tasks as requested. Sometimes supervision is needed but usually they perform independently. The focus is on enhancing and applying existing knowledge."
},
{
"value": "expert",
"expanded": "Expert",
"description": "The highest level. Experts have deeper knowledge and understanding in different sectors. They complete tasks self-dependent and have the possibilities to achieve goals in the most effective and efficient way. Experts have comprehensive understanding and abilities to lead and train others. The focus is on strategic action."
}
]
},
{
"predicate": "target-audience",
"entry": [
{
"value": "student-trainee",
"expanded": "Student/Trainee",
"description": "Student and trainees have little to none practical knowledge. Training can be used for students and trainees, to enhance their knowledge and to practice theoretical courses."
},
{
"value": "it-user",
"expanded": "IT User",
"description": "IT users use the IT but have little to none knowledge about IT security. Users can get trained to understand principles of IT security and to grow awareness."
},
{
"value": "it-professional",
"expanded": "IT Professional",
"description": "Professionals have little to medium knowledge about IT security. Their professional focus is in specific sectors, therefore, they receive IT security knowledge for their sectors."
},
{
"value": "it-specialist",
"expanded": "IT Specialist",
"description": "Specialists already have a comprehensive knowledge in IT security. Therefore, the training is focussed on specific aspects."
},
{
"value": "management",
"expanded": "Management",
"description": "Management has little knowledge about IT security, but a broad overview. By the training, management can understand changed settings better."
}
]
}
]
}

View File

@ -2,130 +2,132 @@
"namespace": "interactive-cyber-training-technical-setup",
"description": "The technical setup consists of environment structure, deployment, and orchestration.",
"version": 1,
"refs": ["https://arxiv.org/abs/2101.05538"],
"refs": [
"https://arxiv.org/abs/2101.05538"
],
"expanded": "Interactive Cyber Training - Technical Setup",
"predicates": [
{
"value": "environment-structure",
"expanded": "Environment Structure",
"description": "The environment structure refers to the basic characteristic of the event."
},
{
"value": "deployment",
"expanded": "Deployment",
"description": "The environment of cyber training can either be deployed on premise or on cloud infrastructures"
},
{
"value": "orchestration",
"expanded": "Orchestration",
"description": "The composition of parts and components of a pool of tasks. The goal is to setup a holistic scenario and integrate cyber training session. Furthermore, it includes a declarative description of the overall process in the form of a composite and harmonic collaboration."
}
],
"values": [
{
"predicate": "environment-structure",
"entry": [
{
"value": "tabletop-style",
"expanded": "Tabletop Style",
"description": "A session that involves the movement of counters or other objects round a board or on a flat surface"
},
{
"value": "online-collaboration-platform",
"expanded": "Online Platform - Collaboration Platform",
"description": "The environment allows organizations to incorporate real-time communication capabilities and providing remote access to other systems. This includes the exchange of files and messages in text, audio, and video formats between different computers or users."
},
{
"value": "online-e-learning-platform",
"expanded": "Online Platform - E-Learning Platform",
"description": "A software application for the administration, documentation, tracking, reporting, and delivery of educational courses, training programs, or learning and development programs."
},
{
"value": "hosting",
"expanded": "Hosting",
"description": "A cyber training based on single hosts uses primarily a personal computer to providing tasks and challenges for a user. It allows a direct interaction with the systems."
},
{
"value": "simulated-network-infrastructure",
"expanded": "Network Infrastruture - Simulated",
"description": "Dependent of the realization type, a network-based environment consists of servers and clients, which are connected to each other in a local area network (LAN) or wide area network (WAN). A simulation copies the network components from the real world into a virtual environment. It provides an idea about how something works. It simulates the basic behavior but does not necessarily abide to all the rules of the real systems."
},
{
"value": "emulated-network-infrastructure",
"expanded": "Network Infrastruture - Emulated",
"description": "Dependent of the realization type, a network-based environment consists of servers and clients, which are connected to each other in a local area network (LAN) or wide area network (WAN). An emulator duplicates things exactly as they exist in real life. The emulation is effectively a complete imitation of the real thing. It operates in a virtual environment instead of the real world."
},
{
"value": "real-network-infrastructure",
"expanded": "Network Infrastruture - Real",
"description": "Dependent of the realization type, a network-based environment consists of servers and clients, which are connected to each other in a local area network (LAN) or wide area network (WAN). In a real network infrastructure, physical components are used to connect the systems and to setup a scenario."
}
]
},
{
"predicate": "deployment",
"entry": [
{
"value": "physical-on-premise",
"expanded": "On Premise - Physical",
"description": "The environment for the training run on physical machines. The data is stored locally and not on cloud; nor is a third party involved. The advantages of on premise solutions are the physical accessibility, which makes it possible to use the complete range of cyber challenges."
},
{
"value": "virtual-on-premise",
"expanded": "On Premise - Virtual",
"description": "The environment for the training run virtual machines. The data is stored locally and not on cloud; nor is a third party involved. The benefit of virtual machines is the maximum of configurability. The advantages of on premise solutions are the physical accessibility, which makes it possible to use the complete range of cyber challenges."
},
{
"value": "cloud",
"expanded": "Cloud",
"description": "Training setup deployed in the cloud has on-demand availability of computer system resources, especially data storage and computing power, without direct active management by the user. In contrast to on premise setups, cloud solutions are rapid elastic on request. So the training can be adapted flexible on a large amount of users and is easily usable world wide."
}
]
},
{
"predicate": "orchestration",
"entry": [
{
"value": "none-automation",
"expanded": "None Automation",
"description": "Specifies the automation of processes and the amount of human interaction with the system to maintain and administrate, especially for repetitive exercise; Here none automation is present."
},
{
"value": "partially-automation",
"expanded": "Partially Automation",
"description": "Specifies the automation of processes and the amount of human interaction with the system to maintain and administrate, especially for repetitive exercise; Here partially automated."
},
{
"value": "complete-automation",
"expanded": "Complete Automation",
"description": "Specifies the automation of processes and the amount of human interaction with the system to maintain and administrate, especially for repetitive exercise; Here full-automated."
},
{
"value": "portability-miscellaneous",
"expanded": "Portability - Miscellaneous",
"description": "Miscellaneous approaches are used to ensure the possibility to exchange data, challenges, or entire scenarios to other environments or locations."
},
{
"value": "portability-exchangenable-format",
"expanded": "Portability - Exchangenable Format",
"description": "Common data format (YALM, XML, JSON, ...) is used to ensure the possibility to exchange data, challenges, or entire scenarios to other environments or locations."
},
{
"value": "maintainability-modifiability",
"expanded": "Maintability - Modifiability",
"description": "Maintainability represents effectiveness and efficiency with which a session can be modified or adapted to changes."
},
{
"value": "maintainability-modularity",
"expanded": "Maintability - Modularity",
"description": "A modular concept has advantages in reusability and combinability."
},
{
"value": "compatibility",
"expanded": "Compatibility",
"description": "The Compatibility deals with the technical interaction possibilities via interfaces to other applications, data, and protocols."
}
]
}
{
"value": "environment-structure",
"expanded": "Environment Structure",
"description": "The environment structure refers to the basic characteristic of the event."
},
{
"value": "deployment",
"expanded": "Deployment",
"description": "The environment of cyber training can either be deployed on premise or on cloud infrastructures"
},
{
"value": "orchestration",
"expanded": "Orchestration",
"description": "The composition of parts and components of a pool of tasks. The goal is to setup a holistic scenario and integrate cyber training session. Furthermore, it includes a declarative description of the overall process in the form of a composite and harmonic collaboration."
}
],
"values": [
{
"predicate": "environment-structure",
"entry": [
{
"value": "tabletop-style",
"expanded": "Tabletop Style",
"description": "A session that involves the movement of counters or other objects round a board or on a flat surface"
},
{
"value": "online-collaboration-platform",
"expanded": "Online Platform - Collaboration Platform",
"description": "The environment allows organizations to incorporate real-time communication capabilities and providing remote access to other systems. This includes the exchange of files and messages in text, audio, and video formats between different computers or users."
},
{
"value": "online-e-learning-platform",
"expanded": "Online Platform - E-Learning Platform",
"description": "A software application for the administration, documentation, tracking, reporting, and delivery of educational courses, training programs, or learning and development programs."
},
{
"value": "hosting",
"expanded": "Hosting",
"description": "A cyber training based on single hosts uses primarily a personal computer to providing tasks and challenges for a user. It allows a direct interaction with the systems."
},
{
"value": "simulated-network-infrastructure",
"expanded": "Network Infrastruture - Simulated",
"description": "Dependent of the realization type, a network-based environment consists of servers and clients, which are connected to each other in a local area network (LAN) or wide area network (WAN). A simulation copies the network components from the real world into a virtual environment. It provides an idea about how something works. It simulates the basic behavior but does not necessarily abide to all the rules of the real systems."
},
{
"value": "emulated-network-infrastructure",
"expanded": "Network Infrastruture - Emulated",
"description": "Dependent of the realization type, a network-based environment consists of servers and clients, which are connected to each other in a local area network (LAN) or wide area network (WAN). An emulator duplicates things exactly as they exist in real life. The emulation is effectively a complete imitation of the real thing. It operates in a virtual environment instead of the real world."
},
{
"value": "real-network-infrastructure",
"expanded": "Network Infrastruture - Real",
"description": "Dependent of the realization type, a network-based environment consists of servers and clients, which are connected to each other in a local area network (LAN) or wide area network (WAN). In a real network infrastructure, physical components are used to connect the systems and to setup a scenario."
}
]
},
{
"predicate": "deployment",
"entry": [
{
"value": "physical-on-premise",
"expanded": "On Premise - Physical",
"description": "The environment for the training run on physical machines. The data is stored locally and not on cloud; nor is a third party involved. The advantages of on premise solutions are the physical accessibility, which makes it possible to use the complete range of cyber challenges."
},
{
"value": "virtual-on-premise",
"expanded": "On Premise - Virtual",
"description": "The environment for the training run virtual machines. The data is stored locally and not on cloud; nor is a third party involved. The benefit of virtual machines is the maximum of configurability. The advantages of on premise solutions are the physical accessibility, which makes it possible to use the complete range of cyber challenges."
},
{
"value": "cloud",
"expanded": "Cloud",
"description": "Training setup deployed in the cloud has on-demand availability of computer system resources, especially data storage and computing power, without direct active management by the user. In contrast to on premise setups, cloud solutions are rapid elastic on request. So the training can be adapted flexible on a large amount of users and is easily usable world wide."
}
]
},
{
"predicate": "orchestration",
"entry": [
{
"value": "none-automation",
"expanded": "None Automation",
"description": "Specifies the automation of processes and the amount of human interaction with the system to maintain and administrate, especially for repetitive exercise; Here none automation is present."
},
{
"value": "partially-automation",
"expanded": "Partially Automation",
"description": "Specifies the automation of processes and the amount of human interaction with the system to maintain and administrate, especially for repetitive exercise; Here partially automated."
},
{
"value": "complete-automation",
"expanded": "Complete Automation",
"description": "Specifies the automation of processes and the amount of human interaction with the system to maintain and administrate, especially for repetitive exercise; Here full-automated."
},
{
"value": "portability-miscellaneous",
"expanded": "Portability - Miscellaneous",
"description": "Miscellaneous approaches are used to ensure the possibility to exchange data, challenges, or entire scenarios to other environments or locations."
},
{
"value": "portability-exchangenable-format",
"expanded": "Portability - Exchangenable Format",
"description": "Common data format (YALM, XML, JSON, ...) is used to ensure the possibility to exchange data, challenges, or entire scenarios to other environments or locations."
},
{
"value": "maintainability-modifiability",
"expanded": "Maintability - Modifiability",
"description": "Maintainability represents effectiveness and efficiency with which a session can be modified or adapted to changes."
},
{
"value": "maintainability-modularity",
"expanded": "Maintability - Modularity",
"description": "A modular concept has advantages in reusability and combinability."
},
{
"value": "compatibility",
"expanded": "Compatibility",
"description": "The Compatibility deals with the technical interaction possibilities via interfaces to other applications, data, and protocols."
}
]
}
]
}