Teaching network security through live exercises
Security education and critical infrastructures
An isolated, multi-platform network sandbox for teaching IT security system engineers
CITC5 '04 Proceedings of the 5th conference on Information technology education
Two approaches to an information security laboratory
Communications of the ACM - Surviving the data deluge
Active learning with the CyberCIEGE video game
CSET'11 Proceedings of the 4th conference on Cyber security experimentation and test
| Hi-index | 0.00 |
Games have a long tradition in teaching IT security: Ranging from international capture-the-flag competitions played by multiple teams to educational simulation games where individual students can get a feeling for the effects of security decisions. All these games have in common, that the game's main goal is keeping up the security. In this paper, we propose another kind of educational security games which feature a game goal unrelated to IT security. However, during the game session gradually more and more attacks on the underlying infrastructure disturb the game play. Such a scenario is very close to the reality of an IT security expert, where establishing security is just a necessary requirement to reach the company's goals. By preparing and analyzing the game sessions, the students learn how to develop a security policy for a simplified scenario. Additionally, the students learn to decide when to apply technical security measures, when to establish emergency plans, and which risks cannot be covered economically. As an example for such a disturbed playing game, we present our distributed air traffic control scenario. The game play is disturbed by attacking the integrity and availability of the underlying network in a coordinated manner, i.e., all student teams experience the same failures at the same state of the game. Beside presenting the technical aspects of the setup, we are also discussing the didactic approach and the experiences made in the last years.