Project 4: Enterprise Cybersecurity Program Step 8: Design a Simulation Experience Now

Project 4: Enterprise Cybersecurity ProgramStep 8: Design a Simulation Experience
Now that the design of the cybersecurity framework for your organization is complete, it’s time to begin to develop the specific elements needed for the enterprise cybersecurity program. The best plan is one that can reveal points of possible failure, providing an opportunity for adjustment ahead of time. It is also beneficial for the enterprise to practice implementation of the framework in such a way that the response is timely and with minimal error.
Using the Cybersecurity Framework Report and feedback received, design a cybersecurity simulation program for key employees to hone their responses to potential cyberattacks. The design of any training program will consider the following elements:
training objectives
audience
scenario types
simulation types
timeframe
cost
evaluation
Compile your ideas from this step to create a simulation program design document in the next step.
Cybersecurity Simulation Program
Print
Students are often called to develop competencies in a variety of disciplines. The purpose of learning and training is to allow students to gain this competence in an environment which exposes them to the issues within a discipline, to be able to ask questions and solve challenges, and to produce predictable results in the future. The purpose of modeling or engaging in fact-based scenarios, or “simulations,” is to allow for as close to real-world responses as possible.
Research indicates that the use of simulations is generally more cost-effective, safer, and more efficient than conducting real-world experiments. Variables, such as the simulation environment, teaching style, and emphasis, can be reduced to produce uniform testing. Simulations can also be even more realistic because they can combine a variety of facts and factors to produce the best possible crisis scenario for students to resolve. “The hallmark of a good candidate for simulation is an activity that is complex, dangerous, and/or expensive” (Fite, 2014).
The use of scenarios also permits consistent repetition and, much like other private industry approaches, the ability to discount variables or testing data that was not consistent or was contaminated. One of the world’s largest proponent of simulations is the US Department of Defense. Throughout the many branches and departments within the US military, simulations are a cost-effective tool to engage service members without placing them in harm’s way or compromising critical systems or equipment.
Simulations in cybersecurity programs are used because of their effectiveness in understanding the complexity of the issues faced by cybersecurity professionals. Whether it is the critical thinking that goes into creating adequate policies and procedures to combat problems (such as in the NIST Framework) or the implementation of the defined institutional goals, it is important to gain from the experience of tackling these issues. Institutional responses require individual initiative and a solid foundation for any such action. Participants have to know what they need to know, know how to answer the questions they are likely to face, and then find answers to questions they have never experienced before. This is the reason for simulations: to test knowledge and assess performance.
References
Fite, B. (2014, February 11). Simulating cyber operations: A cyber security training framework. https://www.sans.org/reading-room/whitepapers/bestprac/simulating-cyber-operations-cyber-security-training-framework-34510
Project 4: Enterprise Cybersecurity ProgramStep 9: Compose the Simulation Program Design
The Simulation Design Template will assist you in molding your ideas from the last step into a Simulation Program Design. Follow the instructions on the template and submit it for feedback.
Submission for Project 4: Simulation Program Design