Collaborative Research: SaTC: EDU: Dual-track Role-based Learning for Cybersecurity Analysts and Engineers for Effective Defense Operation with Data Analytics

协作研究：SaTC：EDU：网络安全分析师和工程师基于角色的双轨学习，通过数据分析实现有效的防御操作

• 批准号: 2228001
• 负责人: Shanchieh Yang
• 金额: $ 36.74万
• 依托单位: Rochester Institute of Tech
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-06-15 至 2026-05-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2228001&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; EDU; Dual

Cybersecurity defense operations (cyber-ops) are in dire need of effective and expedited learning programs for practicing professionals to infuse data analytics (i.e., data science, artificial intelligence, and machine learning) into their day-to-day tasks. To combat the evolving threat landscape, effective cyber-ops often involve a team of cybersecurity analysts and engineers with complementary expertise. The analysts need effective, usable, and potentially customized data analytics, which are developed by or in collaboration with the engineers. Currently, in-service training for cybersecurity analysts and engineers who need to use data analytics for cyber-ops are limited. No existing program addresses the need to develop the collaborative mindsets and practices that are necessary to work effectively together. This project aims to develop an innovative dual-track learning program for working cybersecurity analysts and engineers that leverages role-playing within a simulated organization and involves tasks that are specific to each group as well as tasks where they need to work together as a team. This innovative design will help promote collaboration while also enhancing learning of specific data analytic knowledge and skills needed by each type of professional in a realistic work environment. The program features a combination of remote learning modules and tasks, team coach sessions, and team-based incident response exercises. Progressively deeper learning about data analytics will occur as the scale and complexity of the cyber-op tasks assigned to the participants, as members of a simulated organization, are gradually increased. The program was designed in collaboration with education researchers. The design is informed by education theories and principles, including Identity Theory, Project-based Design, Understanding by Design, and Universal Design for Learning. The program’s design will also build on prior successful experiences with entry-level cybersecurity bootcamps employing simulations, cybersecurity competitions, and teaching and deployment of research advances for cyber-ops. The program will be refined through three iterations following a Design-based Research approach, and its effects evaluated by an external evaluation team.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

网络安全防御行动（网络行动）迫切需要有效和快速的学习计划，以供执业专业人员注入数据分析（即，数据科学、人工智能和机器学习）融入到日常工作中。为了应对不断变化的威胁形势，有效的网络行动通常需要一个由网络安全分析师和工程师组成的团队，他们具有互补的专业知识。分析师需要有效的、可用的和可能定制的数据分析，这些数据分析由工程师开发或与工程师合作开发。目前，需要使用数据分析进行网络操作的网络安全分析师和工程师的在职培训有限。没有任何现有的计划能够满足开发有效合作所需的协作思维和实践的需求。该项目旨在为网络安全分析师和工程师开发一个创新的双轨学习计划，该计划利用模拟组织内的角色扮演，并涉及每个团队特定的任务以及他们需要作为一个团队一起工作的任务。这种创新的设计将有助于促进协作，同时也加强了对每种专业人员在现实工作环境中所需的特定数据分析知识和技能的学习。该计划的特点是远程学习模块和任务，团队教练会议和基于团队的事件响应演习的组合。随着分配给参与者（作为模拟组织的成员）的网络操作任务的规模和复杂性逐渐增加，对数据分析的学习将逐步深入。该计划是与教育研究人员合作设计的。该设计是由教育理论和原则，包括身份理论，基于项目的设计，理解设计，通用设计学习。该计划的设计还将建立在先前成功的经验基础上，包括采用模拟，网络安全竞赛以及网络行动研究进展的教学和部署的入门级网络安全训练营。该项目将按照基于设计的研究方法进行三次迭代，并由外部评估团队对其效果进行评估。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。