Using a windows attack intRusion emulator (AWARE) to teach computer security awareness

Abstract: Technology has become a major part of our lives. We are entering an era where almost anyone using a computer must have certain fundamental knowledge on how to protect themselves from attacks while online. In this paper, we describe AWARE, an emulator designed to teach either experienced or casual Windows XP users how to use system-supplied tools to detect potential attacks on their system resources. Our system also has built-in tutorials to help educate the user during their simulated attacks.

“…Information security training and awareness are two of the most effective offsets to mitigate the human risk posed to information security (Parsons, McCormac, Butavicius, Pattinson, & Jerram, 2014). Training is emphasized by Long (1999), Mangus (2002), Tobin and Ware (2005), Werner (2005), Witson (2003), and Yang (2001) among others. Observations ranged from a mild statement of "certain user practices contribute to information systems vulnerabilities" (Mangus, 2002, p. 5) to a sharp rebuke of "the average home user is clueless about security and should be required to obtain a license to log on to the internet" (Werner, 2005, p. 96).…”

“…In the presence of risky outcomes, a decision maker could use the expected value criterion as a rule of choice so that higher expected value investments are the preferred ones (Fishburn, 1988). Although Long (1999) advocated that security instruction should begin as early as kindergarten, most researchers stated that institutions of higher education should be responsible for providing security awareness instruction, including Crowley (2003), Mangus (2002), Null (2004), Tobin and Ware (2005), Valentine (2005), Werner (2005), and Yang (2001). This instruction and training is important not only to meet the current demands of securing systems but also to prepare students for employment in their respective fields.…”

“…Frincke and Bishop (2004) summarized several of the major groups and efforts currently involved in computer security education with institutions of higher education. The location of security awareness instruction and training in a college curriculum should not be isolated in upper-level courses for IT majors, according to Tobin and Ware (2005) and Werner (2005). This instruction should be taught to all graduates as a 'security awareness' course (Valentine, 2005) along with integrating it across through the curriculum (Yang, 2001).…”

Do Students and Instructors See Cybersecurity the Same? A Comparison of Perceptions About Selected Cybersecurity Topics

“…Information security training and awareness are two of the most effective offsets to mitigate the human risk posed to information security (Parsons, McCormac, Butavicius, Pattinson, & Jerram, 2014). Training is emphasized by Long (1999), Mangus (2002), Tobin and Ware (2005), Werner (2005), Witson (2003), and Yang (2001) among others. Observations ranged from a mild statement of "certain user practices contribute to information systems vulnerabilities" (Mangus, 2002, p. 5) to a sharp rebuke of "the average home user is clueless about security and should be required to obtain a license to log on to the internet" (Werner, 2005, p. 96).…”

“…In the presence of risky outcomes, a decision maker could use the expected value criterion as a rule of choice so that higher expected value investments are the preferred ones (Fishburn, 1988). Although Long (1999) advocated that security instruction should begin as early as kindergarten, most researchers stated that institutions of higher education should be responsible for providing security awareness instruction, including Crowley (2003), Mangus (2002), Null (2004), Tobin and Ware (2005), Valentine (2005), Werner (2005), and Yang (2001). This instruction and training is important not only to meet the current demands of securing systems but also to prepare students for employment in their respective fields.…”

“…Frincke and Bishop (2004) summarized several of the major groups and efforts currently involved in computer security education with institutions of higher education. The location of security awareness instruction and training in a college curriculum should not be isolated in upper-level courses for IT majors, according to Tobin and Ware (2005) and Werner (2005). This instruction should be taught to all graduates as a 'security awareness' course (Valentine, 2005) along with integrating it across through the curriculum (Yang, 2001).…”

Do Students and Instructors See Cybersecurity the Same? A Comparison of Perceptions About Selected Cybersecurity Topics

State-of-the-art simulation systems for information security education, training and awareness