CyberCIEGE: An Extensible Tool for Information Assurance Education

Abstract

Good security is not intrusive and can be almost invisible to typical users, who are often unaware of or take it for granted. However, good security practice by user populations is a critical element of an organization's information assurance strategy. This is reflected in government information assurance teaching mandates such as DoD Directive 8570.1, which outlines objectives and requirements for information assurance (IA) education, training and awareness. Although mundane education, training and awareness programs may temporarily raise user interest, for many, mandatory education is considered a distracting waste of time. A new approach is needed to convey IA concepts that will engage the user's imagination. CyberCIEGE*+ is an innovative computer-based tool to teach information assurance concepts. The tool enhances information assurance education and training through the use of computer gaming techniques. In the CyberCIEGE virtual world, students spend virtual money to operate and defend their networks, and can watch the consequences of their choices, while under attack. This paper describes CyberCIEGE and will present ways in which this tool can be used to achieve Federal and DoD information assurance teaching objectives.