A systematic task and knowledge-based process to tune cybersecurity training to user learning groups: application to email phishing attacks
This website provides the full appendixes showing the result of each step of the proposed process (see its diagrammatic view below).
These appendixes are the complete list of artifacts produced by the process presented in our paper. This website also includes some of the a used by our process.
Please note that the task models can be scrolled.
Fig. 1: A systematic task and knowledge-based process to tune cybersecurity training
Fig. 2: The three-stage sequence presented by Rick Wash (Rick Wash. 2020. How Experts Detect Phishing Scam Emails), modeled with the HAMSTERS notation
Fig. 3: The complete context-dependent task model of the goal of detecting a phishing email, after the enrichment with the literature's and experts' knowledge and after the enrichment with contextual knowledge.
Task Model Description: We describe here the outline of the task model (in Fig. 3) and the detail of one of its subgoals. All the task models can be interpreted in the same way. You will find more information on the HAMSTERS notation here, or in the section "HAMSTERS notation" if needed.
This task model describes the sequence of tasks to achieve the goal of detecting a phishing email (topmost task).
This goal is refined into a sequence of three subgoals: consulting the email (the leftmost task of the second line), inspecting the email and looking for information (the middle task of the second line), and dealing with the email (the rightmost task of the second line).
Each of these tasks is refined, the first one being:
Consult the email, which consists of:
- First, in an interleaved way:
  - reading the email,
  - identifying the sender, using the information "information contained in the body and title of the email" and the declarative knowledge "What is an email address",
  - identifying the offer (Staggs, J., Beyer, R., Mol, M., Fisher, M., Brummel, B.J., & Hale, J. (2014). A Perceptual Taxonomy of Contextual Cues for Cyber Trust.) of the email, using the information "information contained in the body and title of the email",
  - identifying the consideration (Staggs, J., Beyer, R., Mol, M., Fisher, M., Brummel, B.J., & Hale, J. (2014). A Perceptual Taxonomy of Contextual Cues for Cyber Trust.) of the email, using the information "information contained in the body and title of the email",
  - detecting discrepancies in the email [2], using the information "information contained in the body and title of the email" and creating the information "potential discrepancies", and
  - checking the attachment.
- Then either:
  - deciding to trust the first frame of understanding, using the first frame of understanding, or
  - deciding to think of a second frame of understanding for the email, using the first frame of understanding and creating the second frame of understanding.
All these tasks contribute to producing information for the user, such as the sender's claimed identity, the information contained in the body and title of the email, the information requested by the sender, the actions expected by the sender, and the presence of an attachment.
Table 1: description of the identified requirements from the task model after all the iterations
Table 2: Production of the fourth step of the process, assigning an ID to all learning units (which correspond to the requirement in our case study)
Table 3: Production of the fourth and fifth steps; this table includes, for each learning unit, the knowledge required to acquire the knowledge of that learning unit
Fig. 4: Diagram showing the sequence of Learning Units, based on each Learning Unit requirement.
Table 4: description of the knowledge of the different learning groups, evaluated before the training
The table above was used to characterize the learning groups. From this table, we were able to establish which group needed to acquire which knowledge.
Fig. 5: Diagram describing the learning sequence of each learning group.
Fig. 6: Task model of the training of the first group, representing the procedural and declarative knowledge that the trainees from the first learning group have to acquire during the training.
Fig. 7: Task model of the training of the second group, representing the procedural and declarative knowledge that the trainees from the second learning group have to acquire during the training.