Security Operations Center in Education: Building an Educational Environment for Attack and Defense Scenarios

Abstract

The growing need to deal with modern and complex cyber threats and attacks, leads to an increase in the demand for human resources and expertise in the field of Cybersecurity, specifically in the field of monitoring and detecting these threats in the Security Operations sector. In this paper, we present already existing academic experience and literature about Cybersecurity training related topics, through attack and defense scenarios in a specially configured environment, which for the purposes of defense includes a Security Operations Center and for the purposes of the attack includes specially configured information systems which are intentionally vulnerable. Our results indicate that while there is existing literature available regarding the creation of functional SOC for educational purposes, it is not combined or used with applied attack and defense scenarios. There are also no instructions for practical use of the available information for educational purposes. We propose a theoretical structure and topology of an environment that can be used for applied training in Cybersecurity through attack scenarios using intentionally vulnerable information systems as targets and defense scenarios using a SOC to detect and respond to those attacks.