Innostage, an integrator and developer of digital security services and solutions, is developing a new methodology for evaluating the performance of blue hackers participating in cyber battles. It will make the process of creating defender ratings uniform, clear, and transparent. This was reported to CNews by representatives of Innostage.
Today, cyberbits are one of the most effective tools for finding highly qualified information security specialists and developing their competencies. The red and blue hacker ratings compiled based on the results of cyber battles help companies understand which of the contest participants are valuable personnel. Ratings of red hackers are now quite transparent, as they are compiled on the basis of evaluating the work of teams, and have the main component-determining the number of successful attacks. And blue hacker ratings are quite subjective, they do not reflect the full contribution of teams to infrastructure protection, since their criteria do not cover all aspects of the work of blue hackers. There is no common understanding of what can be considered an incident.
The Innostage method will allow you to effectively evaluate the work of blue hackers. For example, points will be awarded in accordance with specific and measurable indicators of the level of skills and knowledge of defenders and the effectiveness of their work (incident detection, response time, and prevention).
"It is necessary to standardize the scenarios of all cyber battles, their organizers, various vendors in the field of information security, should create a working group and start discussing the development of standards. This will help blue hackers ' ratings be equally considered in the business community. And it will give defenders confidence that the results of their participation in any cyber battle will be credited to the employer. The Innostage methodology will allow cyberbatv organizers and infrastructure owners to better understand the shortcomings in the work of teams and the shortcomings of their information systems, " said Anton Kalinin, head of the Innostage Cybersecurity Skills Development Center.
To ensure that the methodology for evaluating the work of blue hackers is not only objective, but also transparent, it is necessary to make the process of calculating and summing up indicators completely understandable for defenders, taking into account all aspects of their work. It is also important that rating creators give defenders feedback – they need to understand which aspects of their work have received a positive assessment and in which areas they need to develop. It is important to post the final ratings in the public domain – so they will become widely known and motivate defenders.
At the same time, rating creators should guarantee blue hackers full protection of their confidential data, which should be built in accordance with the basic principles and standards of information security, in order to prevent leaks of confidential information of defenders and the use of ratings of their work by intruders.
Today, cyberbits are one of the most effective tools for finding highly qualified information security specialists and developing their competencies. The red and blue hacker ratings compiled based on the results of cyber battles help companies understand which of the contest participants are valuable personnel. Ratings of red hackers are now quite transparent, as they are compiled on the basis of evaluating the work of teams, and have the main component-determining the number of successful attacks. And blue hacker ratings are quite subjective, they do not reflect the full contribution of teams to infrastructure protection, since their criteria do not cover all aspects of the work of blue hackers. There is no common understanding of what can be considered an incident.
The Innostage method will allow you to effectively evaluate the work of blue hackers. For example, points will be awarded in accordance with specific and measurable indicators of the level of skills and knowledge of defenders and the effectiveness of their work (incident detection, response time, and prevention).
"It is necessary to standardize the scenarios of all cyber battles, their organizers, various vendors in the field of information security, should create a working group and start discussing the development of standards. This will help blue hackers ' ratings be equally considered in the business community. And it will give defenders confidence that the results of their participation in any cyber battle will be credited to the employer. The Innostage methodology will allow cyberbatv organizers and infrastructure owners to better understand the shortcomings in the work of teams and the shortcomings of their information systems, " said Anton Kalinin, head of the Innostage Cybersecurity Skills Development Center.
To ensure that the methodology for evaluating the work of blue hackers is not only objective, but also transparent, it is necessary to make the process of calculating and summing up indicators completely understandable for defenders, taking into account all aspects of their work. It is also important that rating creators give defenders feedback – they need to understand which aspects of their work have received a positive assessment and in which areas they need to develop. It is important to post the final ratings in the public domain – so they will become widely known and motivate defenders.
At the same time, rating creators should guarantee blue hackers full protection of their confidential data, which should be built in accordance with the basic principles and standards of information security, in order to prevent leaks of confidential information of defenders and the use of ratings of their work by intruders.
