Enterprise Security Analysis and Training Experience

  • Andres OjamaaEmail author
  • Enn Tyugu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8985)


A holistic approach to security can be introduced by using a model that binds security measures with costs and security metrics. We describe exercises based on the graded security model, and supported by an expert system that are used for training both general managers and security experts. Trainees have to solve a number of problems under conditions that correspond to a realistic critical information infrastructure security planning situation, with the level of details depending on the expertise of trainees.


Security training Graded security Security model 



The authors appreciate the support of the Estonian Academy of Sciences, the target funding project SF0140007s12 of Estonian Ministry of Education and Research, the European Regional Development Fund (ERDF) through Estonian Centre of Excellence in Computer Science (EXCS) project and the project No. 3.2.1201.13-0026 Model-based Java software development technology.


  1. 1.
    Estonian Information System Authority: Three-level IT baseline security system ISKE.
  2. 2.
    German Federal Office for Information Security (BSI): BSI-Standard 100-2 IT Grundschutz Methodology.
  3. 3.
    Kivimaa, J., Kirt, T.: Evolutionary algorithms for optimal selection of security measures. In: Ottis, R. (ed.) Proceedigs of the 10th European Conferences on Information Warfare and Security, pp. 172–184. Academic Publishers, Reading, UK (2011)Google Scholar
  4. 4.
    Kivimaa, J., Ojamaa, A., Tyugu, E.: Graded security expert system. In: Setola, R., Geretshuber, S. (eds.) CRITIS 2008. LNCS, vol. 5508, pp. 279–286. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  5. 5.
    Kivimaa, J., Ojamaa, A., Tyugu, E.: Managing evolving security situations. In: Unclassified Proceedings of the MILCOM 2009, 18–21 October 2009. IEEE, Piscataway (2009)Google Scholar
  6. 6.
    Leidos: CyberNEXS Cyber Security Training.
  7. 7.
    Lobsenz, G.: DOE Adopts New “Graded” Terrorist Protection Policy (2008).
  8. 8.
    Modeling and Simulation Group at IoC: CoCoViLa model-based software development platform.
  9. 9.
    Tallinn University of Technology: Cyber security master’s programme.
  10. 10.
    Thompson, M., Irvine, C.: Active learning with the CyberCIEGE video game. In: Proceedings of the 4th Conference on Cyber Security Experimentation and Test, CSET 2011. USENIX Association, Berkeley (2011)Google Scholar
  11. 11.
    U.S. DoD, Defense Information Systems Agency: CyberProtect, version 1.1.
  12. 12.
    U.S. DoE, Office of Information Resources: DOE O 470.3B, Graded Security Protection (GSP) Policy.

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Institute of Cybernetics at Tallinn University of TechnologyTallinnEstonia

Personalised recommendations