Intelligence-based Cybersecurity Awareness Training- an Exploratory Project
This addresses the need for more effective cybersecurity training for organizations, though it appears incremental as it builds on existing platforms like IBM Watson.
The paper tackled the problem of creating adaptable and cost-effective cybersecurity awareness training by proposing a novel model that links cybersecurity training with cyber threat intelligence, resulting in a practical and scalable method demonstrated using IBM Watson Knowledge Studio and publicly available resources including a corpus of 100 threat reports and 127 assessment results.
Cybersecurity training should be adaptable to evolving the cyber threat landscape, cost effective and integrated well with other enterprise management components. Unfortunately, very few cybersecurity training platforms can satisfy such requirements. This paper proposes a new and novel model for conducting cybersecurity training with three main objectives: (i) training should be initiated by emerging relevant threats and delivered first to the most vulnerable members (ii) the process has to be agile (iii) training results must be able to provide actionable intelligence. For the first time, this paper establishes a type system (ontology and associated relationships) that links the domain of cybersecurity awareness training with that of cyber threat intelligence. Powered by IBM Watson Knowledge Studio platform, the proposed method was found to be practical and scalable. Main contributions such as exports of the type system, the manually annotated corpus of 100 threat reports and 127 cybersecurity assessment results, the dictionaries for pre-annotation, etc were made publicly available.