Students are expected to increase capacity for devising strategies that would reduce or eliminate risks

Jan 29, 2015 10:00 GMT  ·  By

The cyber security master’s degree program at the University of South Florida received a grant that allows students to better understand the decisions taken by organizations facing cyber-attacks.

The grant comes from the National Science Foundation. It consists of $300,000 / €265,600 and was awarded to Dr. Grandon Gill, professor at USF Information Systems Decision Sciences.

Students to learn from real-world case studies

The money is planned to be spent over the course of 18 months on real-world case studies of cyber incidents designed to combine technical and social weaknesses hackers took advantage of to penetrate the computer network of a target.

Individuals involved in these incidents will be interviewed by students and research assistants in order to learn the reasons for taking a certain approach in dealing with the attacks.

“Through the interviews, students will be able to learn about when and why certain choices were made in each instance,” professor Gill told WTSP 10 News.

By accessing information pertaining to real cases, the students are expected to increase their cyber defense skills and not only be prepared for a hack attack but also be able to predict risks and create the necessary strategies to minimize or eliminate them.

For the duration of the grant, the Florida Center for Cybersecurity (FC2) will connect the professor with entities that accepted to participate in creating the case studies.

A more practical approach in studying security incidents

As far as cyber-attacks are concerned, students’ competence is mostly theoretical, but by being exposed to real scenarios they can realize the implications and reasoning of each decision made when dealing with hack incidents.

Also, they will learn about the vulnerabilities in different types of access points, no matter the device that is connected to them.

An example given by the professor to stress the importance of the devices connected to the network was the breach at Target, where hackers managed to access the cash registers through an air conditioning system connected to the network.

Large retailers generally have a team that monitors energy usage and temperature in stores to make sure that customers shop in the best conditions and that costs do not exceed a specific threshold. Engineers need to access the systems remotely and apply updates or make the necessary corrections.

One aspect that needs to be noted is that the research related to the grant is not limited to one department only and touches on multiple disciplines, such as Business (Information Systems and Decision Sciences), Arts and Sciences (School of Information), Behavioral and Community Sciences (Criminology) and Education (Instructional Technology).