cybersecurity

As cyber threats grow increasingly sophisticated, the importance of security training as an effective means of prevention will become even more critical. Cyber Range (CR) is a platform for creating cyber training programs using virtualization and simulation technologies to create a realistic training environment. The main challenge for utilizing a CR is the specialized human resources required to design and maintain training sessions. To tackle this challenge, several high-level languages, known as Scenario Description Languages (SDLs), have been developed to enable the specification of training environments as models. These models can then be automatically transformed into deployment artifacts. Our studies showed that the existing SDLs could not address requirements when designing complex scenarios where multiple trainees should collaborate to reach a desired goal through various acceptable solutions. We present the Collaborative Security Training SDL (CST-SDL) for creating multi-trainee and multi-solution scenarios. CST-SDL uses an acyclic directional graph for specifying the scenario's solution routes and allows defining trainees with unique tasks, goals, and solution routes during the training session. To evaluate the CST-SDL's capabilities, we have implemented and integrated it into the KYPO cyber range.

Today ransomware is a significant security threat to both organizations and humans in the e-commerce and digital era. Poor human security awareness is a critical vulnerability that increases the risk of ransomware attacks. To protect against ransomware, an established and effective strategy is to improve the security awareness of employees and users about ransomware. To implement this strategy, in the first step, it is vital to measure the ransomware awareness of the users and, next, try to enhance the level of awareness through education, training, and knowledge sharing about the attack. To our best knowledge, there does not exist any questionnaire specially designed to assess ransomware awareness. In this paper, a novel questionnaire development process is presented and applied to produce a questionnaire for measuring security awareness about ransomware called RSAM. The Persian version of the questionnaire (RSAM-P) is developed and validated using a sample of 216 participants completing the questionnaire. The reliability and validity testing of the RSAM-P indicate that the questionnaire consisting of 21 questions is effective and reliable in assessing ransomware awareness. Moreover, in this paper, RSAM-E, the English version of the RSAM, is presented.