Human interaction plays a key role in the achievement of cybersecurity goals. Addressing cyber threats necessitates an emphasis on human behavior and cognitive models, not merely relying on technical details, since individuals are the weakest link in the cybersecurity context. Thus, the design of cybersecurity-related training programs should be carried out accordingly to increase their effectiveness. The following research proposes a framework, called "CRASTE", which maps human factors and perception, the Red and Blue Team simulation and the Cyber Kill Chain to improve cybersecurity education with respect. The introduction of Artificial Intelligence (AI) in this process can foster the proper employment of the MITRE ATT&CK, which is the most used knowledge base in cybersecurity, to present how the Large Language Models (LLMs) can support both Red and Blue Teams during attacks and their defense.
CRASTE: Human Factors and Perception in Cybersecurity Education
Vita Santa Barletta;Danilo Caivano;Miriana Calvano;Antonio Curci;Antonio Piccinno
2024-01-01
Abstract
Human interaction plays a key role in the achievement of cybersecurity goals. Addressing cyber threats necessitates an emphasis on human behavior and cognitive models, not merely relying on technical details, since individuals are the weakest link in the cybersecurity context. Thus, the design of cybersecurity-related training programs should be carried out accordingly to increase their effectiveness. The following research proposes a framework, called "CRASTE", which maps human factors and perception, the Red and Blue Team simulation and the Cyber Kill Chain to improve cybersecurity education with respect. The introduction of Artificial Intelligence (AI) in this process can foster the proper employment of the MITRE ATT&CK, which is the most used knowledge base in cybersecurity, to present how the Large Language Models (LLMs) can support both Red and Blue Teams during attacks and their defense.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.