larry howard sr. research scientist [email protected] eric imsand 1, larry howard 2, ken...
TRANSCRIPT
Larry HowardSr. Research Scientist
www.prototus.org
Eric Imsand1, Larry Howard2, Ken Pence2, Mike Byers3, Dipankar Dasgupta1
Center for Information Assurance University of Memphis
Institute for Software Integrated SystemsVanderbilt University
SPARTA, Inc.Huntsville, AL
1 2 3
TRUST Autumn Conference 2008
TRUST Autumn Conference 2008
Source: Stefan Frei, Thomas Duebendorfer, Gunter Ollmann, Martin May , ‘Understanding the Web browser threat: Examination of vulnerable online Web browser populations and the “insecurity iceberg”’
“Long game”– More trustworthy technologies– Fail-safe deployment models
“Short game”– Increase awareness of threats among users– Make training on responses more readily
available and valuable
TRUST Autumn Conference 2008
TRUST Autumn Conference 2008
Fire Safety Training
In the event of fire, move quickly to the nearest exit, avoiding elevators.
Fire Safety Training
In the event of fire, move quickly to the nearest exit, avoiding elevators.
In the event of fire, you shoulda)Put out the fireb)Find the nearest elevatorc)Move quickly to the nearest exitd)None of the above
In the event of fire, you shoulda)Put out the fireb)Find the nearest elevatorc)Move quickly to the nearest exitd)None of the above
NextNext
Hmm.a?
Hmm.a?
TRUST Autumn Conference 2008
Thanks for using the Online Training System
This morning you have completed the following training:
Sexual HarassmentFire SafetyNeurosurgery
Thanks for using the Online Training System
This morning you have completed the following training:
Sexual HarassmentFire SafetyNeurosurgery
Glad that’s over.What’s for lunch?Glad that’s over.
What’s for lunch?
Despite the potential to reach large numbers of users, most online training is currently perceived as a bad joke.
• FEMA sponsored free online training
– for IT professionals, risk managers, and general users
• University of Memphis Center for Information Assurance (CfIA)
– with Vanderbilt University (ISIS) and SPARTA, Inc.
TRUST Autumn Conference 2008
www.act-online.net
TRUST Autumn Conference 2008
Level/Track Technical(Track 1)
General(Track 2)
Business Continuity(Track 3)
Beginner/Introductory Information SecurityBasics(TEI: AWR-173-W)
Information Security for Everyone(TEI: AWR-175-W)
Business InformationContinuity(TEI: AWR-176-W)
Intermediate Secure Software and Network Assurance(In development)
Cyber Ethics(TEI: AWR-174-W)
Information Risk Management(Pending approval)
Advanced Digital Forensics(Q1-2009)
Cyber Law andWhite Collar Crime(Q3-2009)
Cyber IncidentAnalysis andResponse(Q1-2009)
TRUST Autumn Conference 2008
ACT Online courses consist of modules anchored on authentic problem-solving situations with a common macro-structure.
TRUST Autumn Conference 2008
ACT Online learning resources can be freely explored by trainees to address the overarching challenge.
TRUST Autumn Conference 2008
Like the web, assisted search features of ACT Online help trainees use learning resources and self-assessments.
TRUST Autumn Conference 2008
ACT Online self-assessments enable trainees to confirm their understanding of resources with progressive feedback.
Clarify the question Criticize the response Provide resource(s)
11 22 33
TRUST Autumn Conference 2008
ACT Online gives trainees credit for what they already know through pre-qualification, adapting the training in response.
• Attackers increasingly target vulnerabilities widely distributed among user population
• Lack of awareness and response by computer users is a serious near-term problem
• Online training holds potential to reach large populations, but currently viewed as ineffective
• ACT Online is using modern instructional techniques and features to change perception
Visit us today at www.act-online.net
TRUST Autumn Conference 2008
• ACT Online is supported by Cooperative Agreement Number 2006-GT-T6-K009 administered by the Federal Emergency Management Agency, National Preparedness Directorate, National Integration Center, Training and Exercise Integration.
• Points of view and opinions in this presentation are those of the author(s) and do not necessarily represent the position or policies of the United States Government.
TRUST Autumn Conference 2008