The challenge of mitigating advanced cyber attacks through advanced security training has been evident during the last decade in numerous fields and industries in EU. Despite the wide spectrum of such tools appears to provide a comprehensive machinery for detecting and responding effectively to cyber attacks, it is difficult to establish effective tool usage strategies and processes for addressing the ever-expanding land-scape of these attacks. Moreover, the advent of more “intelligent” cybersecurity solutions, which make use of technologies like machine learning, statistical analysis and user behaviour analysis, requires sophisticated and hands-on training of the key personnel of organizations, who have responsibility for security, for the latter to be able to master them.
In response to the above, THREAT-ARREST will develop an advanced training platform incorporating emulation, simulation, serious gaming and visualization capabilities to adequately prepare stakeholders with different types of responsibility and levels of expertise in defending high-risk cyber systems and organizations to counter advanced, known and new cyber-attacks. The THREAT-ARREST platform will deliver security training, based on a model driven approach where cyber threat and training preparation models, specifying the potential attacks, the security controls of cyber systems against them, and the tools that may be used to assess the effectiveness of these controls, will drive the training process, and align it with operational cyber system security assurance mechanisms to ensure the relevance of training. The platform will also support trainee performance evaluation and training program evaluation and adapt training programs based on them. The effectiveness of the framework will be validated using a prototype implementation at TRL-7 inter-connected with real cyber systems pilots in the area of smart energy, healthcare and shipping, and from technical, legal and business perspectives.
Who is the project designed for?
Public Sector Organizations, IT SMEs, Researchers, Security Software Industry, End User Organizations, Cyber insurance companies.
How will your project benefit the end-user?
Advanced security training framework