Abstract
The need is growing for a workforce with both technical skills and the ability to navigate existing and emerging information security challenges. Practitioners can no longer depend upon process-driven approaches to people, processes and IT systems to manage information security. They need to be navigators of the entire environment to effectively integrate controls to protect information and technology. The research presented in this paper trialed, with tertiary education students, an innovative tactile learning activity developed through the European Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security (TREsPASS) project and designed to provide students with experience in real-world modelling of complex information security scenarios. The outcomes demonstrate that constructing such models in an educational setting is a means of encouraging exploration of the multiple dimensions of security. Such teaching may be a means of teaching the social, organizational and technical navigation skills necessary to integrate security controls in complex settings.
Acknowledgments
The researchers would like to thank the participants for their efforts, energy and contributions. Coles-Kemp’s contribution was supported by the European Commission through the FP7 project TREsPASS (grant agreement n. 318003). The materials for the workshop were developed as part of Work Package 4 outputs for the TREsPASS project by art studio LUST.
Copyright information
© 2019 Springer-Verlag GmbH Germany, part of Springer Nature
About this chapter
Cite this chapter
Williams, P.A.H., Coles-Kemp, L. (2019). Teaching as a Collaborative Practice: Reframing Security Practitioners as Navigators. In: Pan, Z., Cheok, A., Müller, W., Zhang, M., El Rhalibi, A., Kifayat, K. (eds) Transactions on Edutainment XV. Lecture Notes in Computer Science, vol 11345. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-59351-6_10
DOI: https://doi.org/10.1007/978-3-662-59351-6_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-59350-9
Online ISBN: 978-3-662-59351-6
eBook Packages: Computer Science (R0)