Exploring the Need to Study the Efficacy of VR Training Compared to Traditional Cybersecurity Training
Authors: Shaila Rana, Wasim Alhamdani
Abstract:
Effective cybersecurity training is of the utmost importance, given the plethora of attacks that continue to increase in complexity and ubiquity. VR cybersecurity training remains a starkly understudied discipline. Studies that evaluated the effectiveness of VR cybersecurity training over traditional methods are required. An engaging and interactive platform can support knowledge retention of the training material. Consequently, an effective form of cybersecurity training is required to support a culture of cybersecurity awareness. Measurements of effectiveness varied throughout the studies, with surveys and observations being the two most utilized forms of evaluating effectiveness. Further research is needed to evaluate the effectiveness of VR cybersecurity training and traditional training. Additionally, research for evaluating if VR cybersecurity training is more effective than traditional methods is vital. This paper proposes a methodology to compare the two cybersecurity training methods and their effectiveness. The proposed framework includes developing both VR and traditional cybersecurity training methods and delivering them to at least 100 users. A quiz along with a survey will be administered and statistically analyzed to determine if there is a difference in knowledge retention and user satisfaction. The aim of this paper is to bring attention to the need to study VR cybersecurity training and its effectiveness compared to traditional training methods. This paper hopes to contribute to the cybersecurity training field by providing an effective way to train users for security awareness. If VR training is deemed more effective, this could create a new direction for cybersecurity training practices.
Keywords: Virtual reality cybersecurity training, VR cybersecurity training, traditional cybersecurity training, evaluating efficacy.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1085References:
[1] Esteves, R. (2017). To Improve Cybersecurity, Think Like a Hacker. MIT Sloan Management Review, 58(3), 71–.
[2] Beuran, R., Inoue, T., Tan, Y., & Shinoda, Y. (2019, June). Realistic Cybersecurity Training via Scenario Progression Management. In 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) (pp. 67-76). IEEE.
[3] Beuran, R., Pham, C., Tang, D., Chinen, K. I., Tan, Y., & Shinoda, Y. (2017). Cytrone: An integrated cybersecurity training framework
[4] Tschakert, K. F., & Ngamsuriyaroj, S. (2019). Effectiveness of and user preferences for security awareness training methodologies. Heliyon, 5(6), e02010.
[5] Sadeh-Koniecpol, N., Wescoe, K., Brubaker, J., & Hong, J. (2016). U.S. Patent No. 9,373,267. Washington, DC: U.S. Patent and Trademark Office.
[6] Abawajy, J. (2014). User preference of cyber security awareness delivery methods. Behaviour & Information Technology, 33(3), 237-248.
[7] Fouché, M. (2015). Code hunt as platform for gamification of cybersecurity training. 9–11. https://doi.org/10.1145/2792404.2792406
[8] Maennel, K. (2020, September). Learning Analytics Perspective: Evidencing Learning from Digital Datasets in Cybersecurity Exercises. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) (pp. 27-36). IEEE.
[9] Nagarajan, A., Allbeck, J. M., Sood, A., & Janssen, T. L. (2012, May). Exploring game design for cybersecurity training. In 2012 IEEE International Conference on Cyber Technology in Automation, Control, and Intelligent Systems (CYBER) (pp. 256-262). IEEE.
[10] Corradini, I. (2020). Training Methods. In Building a Cybersecurity Culture in Organizations (pp. 115-133). Springer, Cham.
[11] Willems, C., Klingbeil, T., Radvilavicius, L., Cenys, A., & Meinel, C. (2011, December). A distributed virtual laboratory architecture for cybersecurity training. In 2011 International Conference for Internet Technology and Secured Transactions (pp. 408-415). IEEE.
[12] Tang, D., Pham, C., Chinen, K. I., & Beuran, R. (2017, November). Interactive cybersecurity defense training inspired by web-based learning theory. In 2017 IEEE 9th International Conference on Engineering Education (ICEED) (pp. 90-95). IEEE.
[13] Wahsheh, L.A. & Mekonnen, B., "Practical Cyber Security Training Exercises," 2019 International Conference on Computational Science and Computational Intelligence (CSCI), Las Vegas, NV, USA, 2019, pp. 48-53. doi: 10.1109/CSCI49370.2019.00015
[14] Urias, V. E., Van Leeuwen, B., Stout, W. M., & Lin, H. W. (2017, April). Dynamic cybersecurity training environments for an evolving cyber workforce. In 2017 IEEE International Symposium on Technologies for Homeland Security (HST) (pp. 1-6). IEEE.
[15] Jalali, S. (2019). Decision-making and biases in cybersecurity capability development: Evidence from a simulation game experiment. The Journal of Strategic Information Systems, 28(1), 66–82. https://doi.org/10.1016/j.jsis.2018.09.003
[16] Nguyen, T. A., & Pham, H. (2020, October). A Design Theory-Based Gamification Approach for Information Security Training. In 2020 RIVF International Conference on Computing and Communication Technologies (RIVF) (pp. 1-4). IEEE.
[17] Thakong, M., Phimoltares, S., Jaiyen, S., & Lursinsap, C. (2018). One-pass-throw-away learning for cybersecurity in streaming non-stationary environments by dynamic stratum network. PloS one, 13(9), e0202937.
[18] Aldawood, H., & Skinner, G. (2019). Reviewing cyber security social engineering training and awareness programs—Pitfalls and ongoing issues. Future Internet, 11(3), 73.
[19] Adinolf, S., Wyeth, P., Brown, R., & Altizer, R. (2019, December). Towards designing agent based virtual reality applications for cybersecurity training. In Proceedings of the 31st Australian Conference on Human-Computer-Interaction (pp. 452-456).
[20] Seo, J. H., Bruner, M., Payne, A., Gober, N., & McMullen, D. (2019). Using virtual reality to enforce principles of cybersecurity. The Journal of Computational Science Education, 10(1).
[21] Kasurinen, J. (2017). Usability issues of virtual reality learning simulator in healthcare and cybersecurity. Procedia computer science, 119, 341-349.
[22] Seymour, N. E., Gallagher, A. G., Roman, S. A., O’brien, M. K., Bansal, V. K., Andersen, D. K., & Satava, R. M. (2002). Virtual reality training improves operating room performance: results of a randomized, double-blinded study. Annals of Surgery, 236(4), 458.
[23] Elevate performance through immersive experience. (2020, February 20). Retrieved November 10, 2020, from https://www.strivr.com/lp/elevate-performance-through-immersive-experience/?utm_medium=Paid-Search
[24] VR Cybersecurity Training. (n.d.). Retrieved November 10, 2020, from https://www.nnit.com/our-solutions/cybersecurity/vr-cybersecurity-training/
[25] Virtual Reality (VR) Cyber Security Awareness Training. (n.d.). Retrieved November 10, 2020, from https://securityquotient.io/security-awareness-training/virtual-reality.html
[26] Security awareness game. (n.d.). Retrieved November 12, 2020, from https://www.infosequre.com/security-awareness-game
[27] Virtual Reality Training powered by SixGen. (n.d.). Retrieved November 12, 2020, from https://www.sixgen.io/course