详情

原文传递 Cyber Event Artifact Investigation Training in a Virtual Environment.

题名：	Cyber Event Artifact Investigation Training in a Virtual Environment.
作者：	Mims, S. M.; Wylkynsone, T. R.
关键词：	Department of defense, Training, Information systems, Threats, Synthetic environment simulations, Learning, Operating systems, Cyber event investigation, Circe (cyber incident or reportable cyber event), Os (operating system), Os artifacts, Incident first responder, Cjcsm 6501.01b, Dod (department of defense), Is (information systems), Cjcsm (chairman of the joint chiefs of staff manual), Virtual environments
摘要：	The Internet has created many new technology advances that make everyday life easier and more efficient. However, technology has also enabled new attack capabilities and platforms that have the potential to cripple Department of Defense (DOD) and civilian information systems and cyber infrastructure. In order to minimize damages these threats could cause, the DOD needs well-trained operators and skilled cyber incident first responders at the helm. The first portion of this research focused on identifying operating system artifacts that give first responders the best information with which to identify if a cyber incident has occurred, or is occurring, and to determine the type of incident. The second portion of this research focused on developing virtual environments where students can participate in guided training and challenge labs. These labs can train system operators to recognize incident indicators and allow first responders to focus on collecting necessary information quickly. The Training Lab focuses on leading the student through an investigation of each designated artifact, while the Challenge Lab provides less guidance in order to test the students acquired skills. This partnered learning experience should lead to more proficient cyber incident reporting and should decrease the response delay between detection and recovery
报告类型：	科技报告