"Cybersecurity Computer-Based Training and Technical Communication Design"

About the Author

Lysandwr McNary graduated from New Mexico Tech in spring of 2013 with a Bachelor of Science degree in Technical Communication, after years spent in varied pursuits, from book publisher to United States Army Psychological Operations Specialist. Her time with the US Army, including two years in Iraq, provided many opportunities for studying cybersecurity, communication, and human behavior.

Abstract

Method

This research examined the primary Tier 1 CBT module supplied by the DoD Security Awareness Training Shared Service Center against two axes: requirements mandated by FISMA, and TC principles drawn from research, professional practices, and educational programs. The module is expected to provide training suitable for all employees of federal agencies and affiliated civilian entities at the basic literacy and awareness level of the cybersecurity education continuum, in order for said agencies and entities to be FISMA-compliant (Dept. of Homeland Security, 2012).

Because the DoD-directed supplier of the training module, the Defense Information Systems Agency via their Information Assurance Security Environment (IASE), has a posted privacy and security notice which states that “the IASE is provided as a public service by the Defense Information Systems Agency” and that “information presented on the IASE is considered public information and may be distributed or copied (IASE, 2012)”, screen captures are used to illustrate my examination results and represent the module environment.

The purpose of this research was to see how successful the training module is in satisfying FISMA requirements and objectives, and if there is a corollary (positive or negative) with observable application of the TC principles. For example, FISMA requires addressing the topic of passwords. If the method used to convey this training can be identified as less than effective, and lacks deployment of TC best principles, that is an observable negative corollary . CBT is defined here as training delivered via computer, whether online (web-based) or via cd/other portable media.

The module was accessed on a pc netbook, pc laptop, an Android-based smartphone, networked computer systems on the NMT university network, and a networked virtual machine system on the NMT university administration network. The internet browsers used in these attempts were Mozilla Firefox vs 12.0, Internet Explorer 9, and Google Chrome vs 26.

Module examined:

The Cyber Awareness Challenge Training

Date 10/12 – Ver 1.0

(Formerly designated DoD Information Assurance Awareness Training) “Information awareness and information systems security awareness topics presented in simulation and mini-game format for users to learn, practice, and review required concepts in a work simulation environment (DISA).”

FISMA mandated, NIST-directed required topics:

Roles and responsibilities in information security	Personally identifiable information (PII)
Ways to protect shared data (e.g., encryption, backups)	Identity theft
Examples of internal and external threats (e.g., social engineering, hackers)	Internet surfing
Malicious code (e.g., viruses, worms)	Inventory control
Security controls	Physical security
Ways to recognize an information security incident	Spyware
Principles of information security	Phishing
Passwords	Scams and spam
Social engineering	Mobile devices (e.g., laptops, PDAs)
Data backup and storage	Portable storage devices (e.g., CDs, USB drives)
Computer viruses and worms	Remote access
Incident response	Copyright infringement and software piracy
Personal use and gain	Use and abuse of e-mail
Privacy	Peer-to-peer file sharing threat

(16-17, NIST SP 800-16)

Pages: 1· 2· 3· 4· 5· 6· 7· 8· 9· 10· 11· 12

Posted by on May 21, 2021 in article, Issue 9.2

About the Author

Contents

Method

Module examined:

FISMA mandated, NIST-directed required topics: