engleski

Computer-based Methods for Assessing Information Security Competencies

With the growing importance of information security and cybersecurity, there is a widely recognized need for more security experts and a higher level of security education among all members of society. Effective methods for assessing information security competencies are a necessary prerequisite for developing, evaluating and improving security education. Procedural knowledge is a key part of information security competencies. In the context of information security, assessment methods such as written exams are often inadequate for assessing procedural knowledge, because with such methods, the person being assessed must explain what they would do in a certain situation instead of actually doing it. On the other hand, computer-based assessment methods can place a person in an authentic environment where he can directly react to a simulated situation and apply his knowledge. In the information security domain, such computer-based methods are therefore a natural solution for a direct assessment of procedural knowledge. In this paper, a list of requirements for evaluating assessment methods of information security competencies is proposed. These requirements are primarily focused on delivering an assessment that is both effective and feasible for use in education. Existing assessment methods are surveyed through the lens of these requirements.

computer based assessment ; formative assessment ; procedural knowledge ; security education ; information security ; cybersecurity ; security ; cyber range ; cyber exercise ; cyber defense exercise ; security competitons ; capture-the-flag ; capture the flag ; CTF ; virtual learning environment ; simulation ; scalable assessment ; automatic assessment ; automatic problem generation ; automatic scoring ; gamification ; security mindset ; adverserial thinking

nije evidentirano