IoT Security Risk Management: A Framework and Teaching Approach
IF 2.1
Q1 EDUCATION & EDUCATIONAL RESEARCH
引用次数: 1
Abstract
While Internet of Things (IoT) devices have increased in popularity and usage, their users have become more susceptible to cyber-attacks, thus emphasizing the need to manage the resulting security risks. However, existing works reveal research gaps in IoT security risk management frameworks where the IoT architecture – building blocks of the system – are not adequately considered for analysis. Also, security risk management includes complex tasks requiring appropriate training and teaching methods to be applied effectively. To address these points, we first proposed a security risk management framework that captures the IoT architecture perspective as an input to further security risk management activities. We then proposed a hackathon learning model as a practical approach to teach hackathon participants to apply the IoT security risk management framework. To evaluate the benefits of the framework and the hackathon learning model, we conducted an action research study that integrated the hackathon learning model into a cybersecurity course, where students learn how to apply the framework. Our findings show that the IoT-ARM framework was beneficial in guiding students towards IoT security risk management and producing repeatable outcomes. Additionally, the study demonstrated the applicability of the hackathon model and its interventions in supporting the learning of IoT security risk management and applying the proposed framework to real-world scenarios.物联网安全风险管理:框架与教学方法
随着物联网(IoT)设备的普及和使用的增加,其用户变得更容易受到网络攻击,因此强调需要管理由此产生的安全风险。然而,现有的工作揭示了物联网安全风险管理框架的研究差距,其中物联网架构-系统的构建块-没有充分考虑分析。此外,安全风险管理包括复杂的任务,需要适当的培训和教学方法才能有效地应用。为了解决这些问题,我们首先提出了一个安全风险管理框架,该框架将物联网架构的视角作为进一步安全风险管理活动的输入。然后,我们提出了一个黑客马拉松学习模型,作为教黑客马拉松参与者应用物联网安全风险管理框架的实用方法。为了评估该框架和黑客马拉松学习模式的好处,我们进行了一项行动研究,将黑客马拉松学习模式整合到网络安全课程中,让学生学习如何应用该框架。我们的研究结果表明,物联网- arm框架有助于指导学生进行物联网安全风险管理,并产生可重复的结果。此外,该研究还证明了黑客马拉松模型及其干预措施在支持物联网安全风险管理学习和将所提出的框架应用于现实场景方面的适用性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文
求助全文
来源期刊
Informatics in Education
EDUCATION & EDUCATIONAL RESEARCH-
CiteScore
6.10
自引率
3.70%
发文量
20
审稿时长
20 weeks
期刊介绍:
INFORMATICS IN EDUCATION publishes original articles about theoretical, experimental and methodological studies in the fields of informatics (computer science) education and educational applications of information technology, ranging from primary to tertiary education. Multidisciplinary research studies that enhance our understanding of how theoretical and technological innovations translate into educational practice are most welcome. We are particularly interested in work at boundaries, both the boundaries of informatics and of education. The topics covered by INFORMATICS IN EDUCATION will range across diverse aspects of informatics (computer science) education research including: empirical studies, including composing different approaches to teach various subjects, studying availability of various concepts at a given age, measuring knowledge transfer and skills developed, addressing gender issues, etc. statistical research on big data related to informatics (computer science) activities including e.g. research on assessment, online teaching, competitions, etc. educational engineering focusing mainly on developing high quality original teaching sequences of different informatics (computer science) topics that offer new, successful ways for knowledge transfer and development of computational thinking machine learning of student''s behavior including the use of information technology to observe students in the learning process and discovering clusters of their working design and evaluation of educational tools that apply information technology in novel ways.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
