物联网安全风险管理:框架与教学方法

IF 2.1 Q1 EDUCATION & EDUCATIONAL RESEARCH
A. O. Affia, Alexander Nolte, Raimundas Matulevičius
{"title":"物联网安全风险管理:框架与教学方法","authors":"A. O. Affia, Alexander Nolte, Raimundas Matulevičius","doi":"10.15388/infedu.2023.30","DOIUrl":null,"url":null,"abstract":"While Internet of Things (IoT) devices have increased in popularity and usage, their users have become more susceptible to cyber-attacks, thus emphasizing the need to manage the resulting security risks. However, existing works reveal research gaps in IoT security risk management frameworks where the IoT architecture – building blocks of the system – are not adequately considered for analysis. Also, security risk management includes complex tasks requiring appropriate training and teaching methods to be applied effectively. To address these points, we first proposed a security risk management framework that captures the IoT architecture perspective as an input to further security risk management activities. We then proposed a hackathon learning model as a practical approach to teach hackathon participants to apply the IoT security risk management framework. To evaluate the benefits of the framework and the hackathon learning model, we conducted an action research study that integrated the hackathon learning model into a cybersecurity course, where students learn how to apply the framework. Our findings show that the IoT-ARM framework was beneficial in guiding students towards IoT security risk management and producing repeatable outcomes. Additionally, the study demonstrated the applicability of the hackathon model and its interventions in supporting the learning of IoT security risk management and applying the proposed framework to real-world scenarios.","PeriodicalId":45270,"journal":{"name":"Informatics in Education","volume":"91 1","pages":""},"PeriodicalIF":2.1000,"publicationDate":"2023-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"IoT Security Risk Management: A Framework and Teaching Approach\",\"authors\":\"A. O. Affia, Alexander Nolte, Raimundas Matulevičius\",\"doi\":\"10.15388/infedu.2023.30\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"While Internet of Things (IoT) devices have increased in popularity and usage, their users have become more susceptible to cyber-attacks, thus emphasizing the need to manage the resulting security risks. However, existing works reveal research gaps in IoT security risk management frameworks where the IoT architecture – building blocks of the system – are not adequately considered for analysis. Also, security risk management includes complex tasks requiring appropriate training and teaching methods to be applied effectively. To address these points, we first proposed a security risk management framework that captures the IoT architecture perspective as an input to further security risk management activities. We then proposed a hackathon learning model as a practical approach to teach hackathon participants to apply the IoT security risk management framework. To evaluate the benefits of the framework and the hackathon learning model, we conducted an action research study that integrated the hackathon learning model into a cybersecurity course, where students learn how to apply the framework. Our findings show that the IoT-ARM framework was beneficial in guiding students towards IoT security risk management and producing repeatable outcomes. Additionally, the study demonstrated the applicability of the hackathon model and its interventions in supporting the learning of IoT security risk management and applying the proposed framework to real-world scenarios.\",\"PeriodicalId\":45270,\"journal\":{\"name\":\"Informatics in Education\",\"volume\":\"91 1\",\"pages\":\"\"},\"PeriodicalIF\":2.1000,\"publicationDate\":\"2023-04-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Informatics in Education\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.15388/infedu.2023.30\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"EDUCATION & EDUCATIONAL RESEARCH\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Informatics in Education","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.15388/infedu.2023.30","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"EDUCATION & EDUCATIONAL RESEARCH","Score":null,"Total":0}
引用次数: 1

摘要

随着物联网(IoT)设备的普及和使用的增加,其用户变得更容易受到网络攻击,因此强调需要管理由此产生的安全风险。然而,现有的工作揭示了物联网安全风险管理框架的研究差距,其中物联网架构-系统的构建块-没有充分考虑分析。此外,安全风险管理包括复杂的任务,需要适当的培训和教学方法才能有效地应用。为了解决这些问题,我们首先提出了一个安全风险管理框架,该框架将物联网架构的视角作为进一步安全风险管理活动的输入。然后,我们提出了一个黑客马拉松学习模型,作为教黑客马拉松参与者应用物联网安全风险管理框架的实用方法。为了评估该框架和黑客马拉松学习模式的好处,我们进行了一项行动研究,将黑客马拉松学习模式整合到网络安全课程中,让学生学习如何应用该框架。我们的研究结果表明,物联网- arm框架有助于指导学生进行物联网安全风险管理,并产生可重复的结果。此外,该研究还证明了黑客马拉松模型及其干预措施在支持物联网安全风险管理学习和将所提出的框架应用于现实场景方面的适用性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
IoT Security Risk Management: A Framework and Teaching Approach
While Internet of Things (IoT) devices have increased in popularity and usage, their users have become more susceptible to cyber-attacks, thus emphasizing the need to manage the resulting security risks. However, existing works reveal research gaps in IoT security risk management frameworks where the IoT architecture – building blocks of the system – are not adequately considered for analysis. Also, security risk management includes complex tasks requiring appropriate training and teaching methods to be applied effectively. To address these points, we first proposed a security risk management framework that captures the IoT architecture perspective as an input to further security risk management activities. We then proposed a hackathon learning model as a practical approach to teach hackathon participants to apply the IoT security risk management framework. To evaluate the benefits of the framework and the hackathon learning model, we conducted an action research study that integrated the hackathon learning model into a cybersecurity course, where students learn how to apply the framework. Our findings show that the IoT-ARM framework was beneficial in guiding students towards IoT security risk management and producing repeatable outcomes. Additionally, the study demonstrated the applicability of the hackathon model and its interventions in supporting the learning of IoT security risk management and applying the proposed framework to real-world scenarios.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Informatics in Education
Informatics in Education EDUCATION & EDUCATIONAL RESEARCH-
CiteScore
6.10
自引率
3.70%
发文量
20
审稿时长
20 weeks
期刊介绍: INFORMATICS IN EDUCATION publishes original articles about theoretical, experimental and methodological studies in the fields of informatics (computer science) education and educational applications of information technology, ranging from primary to tertiary education. Multidisciplinary research studies that enhance our understanding of how theoretical and technological innovations translate into educational practice are most welcome. We are particularly interested in work at boundaries, both the boundaries of informatics and of education. The topics covered by INFORMATICS IN EDUCATION will range across diverse aspects of informatics (computer science) education research including: empirical studies, including composing different approaches to teach various subjects, studying availability of various concepts at a given age, measuring knowledge transfer and skills developed, addressing gender issues, etc. statistical research on big data related to informatics (computer science) activities including e.g. research on assessment, online teaching, competitions, etc. educational engineering focusing mainly on developing high quality original teaching sequences of different informatics (computer science) topics that offer new, successful ways for knowledge transfer and development of computational thinking machine learning of student''s behavior including the use of information technology to observe students in the learning process and discovering clusters of their working design and evaluation of educational tools that apply information technology in novel ways.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信