"Cybersecurity Computer-Based Training and Technical Communication Design"
About the AuthorLysandwr McNary graduated from New Mexico Tech in spring of 2013 with a Bachelor of Science degree in Technical Communication, after years spent in varied pursuits, from book publisher to United States Army Psychological Operations Specialist. Her time with the US Army, including two years in Iraq, provided many opportunities for studying cybersecurity, communication, and human behavior. Contents |
MethodThis research examined the primary Tier 1 CBT module supplied by the DoD Security Awareness Training Shared Service Center against two axes: requirements mandated by FISMA, and TC principles drawn from research, professional practices, and educational programs. The module is expected to provide training suitable for all employees of federal agencies and affiliated civilian entities at the basic literacy and awareness level of the cybersecurity education continuum, in order for said agencies and entities to be FISMA-compliant (Dept. of Homeland Security, 2012). Because the DoD-directed supplier of the training module, the Defense Information Systems Agency via their Information Assurance Security Environment (IASE), has a posted privacy and security notice which states that “the IASE is provided as a public service by the Defense Information Systems Agency” and that “information presented on the IASE is considered public information and may be distributed or copied (IASE, 2012)”, screen captures are used to illustrate my examination results and represent the module environment. The purpose of this research was to see how successful the training module is in satisfying FISMA requirements and objectives, and if there is a corollary (positive or negative) with observable application of the TC principles. For example, FISMA requires addressing the topic of passwords. If the method used to convey this training can be identified as less than effective, and lacks deployment of TC best principles, that is an observable negative corollary . CBT is defined here as training delivered via computer, whether online (web-based) or via cd/other portable media. The module was accessed on a pc netbook, pc laptop, an Android-based smartphone, networked computer systems on the NMT university network, and a networked virtual machine system on the NMT university administration network. The internet browsers used in these attempts were Mozilla Firefox vs 12.0, Internet Explorer 9, and Google Chrome vs 26. Module examined:The Cyber Awareness Challenge Training Date 10/12 – Ver 1.0 (Formerly designated DoD Information Assurance Awareness Training) “Information awareness and information systems security awareness topics presented in simulation and mini-game format for users to learn, practice, and review required concepts in a work simulation environment (DISA).” FISMA mandated, NIST-directed required topics:
(16-17, NIST SP 800-16) |