台灣資安菁英人才培育

隨著資訊安全的攻擊和防禦技術迅速發展與高度專業化，在高等教育中，特別是在業界所需的實務攻防技能方面，個別教師要跟上腳步，是非常具有挑戰性的。我們相信聯合具有不同技能的網路安全專業人員，讓學員透過協作式教學和學習的方式，可以克服這個挑戰，培養具實務能力的資安人才。本論文介紹我們在台灣資安實務教育的協作教學和學習經驗。在過去四年裡，我們設計並實施了兩個實驗性的資安課程：一個是為期一週的暑期學校課程，旨在培養已有先備資安知識的學生，另一個則是跨校的大學正式課程，旨在有系統地指導學生修習基本的攻擊和防守技能。兩門課程都使用Capture The Flag（CTF）作為測驗和評分的通用模式。我們強調設計決策，且探討了遇到的挑戰、經驗教訓以及可能的改進方向。

關鍵字

AIS3 ；資安搶旗； EDU-CTF ；資安實務教育

並列摘要

As cyberattack and security technologies evolve rapidly and are highly specialized, it is challenging for individual instructors in higher education to keep up with the advancement, especially in practical offensive and defensive skills that are desired by the industries. We believe this challenge can be overcome through collaborative teaching and learning in which cybersecurity professionals with diverse skill sets can join force to cultivate talents. This paper reports our experiences in collaborative teaching and learning for practical cyber security education in Taiwan. Over the past four years, we designed and implemented two experimental security curricula: One is a week-long summer school program that aims to advance students who have prior knowledge in security, and the other is a cross-university semester course designed to guide students to systematically develop fundamental offensive and defensive skills. Both courses use Capture The Flag (CTF) as a common platform for assignments and evaluation. We highlight the design decisions and discuss the challenges encountered, lessons learned, and possible directions for improvements.

並列關鍵字

AIS3 ； Capture the Flag ； EDU-CTF ； Practical security education

參考文獻

APWG, “Phishing Attack Trends Report – 4th Quarter 2016,” https://docs.apwg.org/reports/apwg_trends_report_q4_2016.pdf, 2016.

Google Scholar

B. Boland, “Undeclared Cyber Wars: Cyber threat actors targeting Asia,” 2016 RSA Conference,https://www.rsaconference.com/writable/presentations/file_upload/tta1-r01_undeclared-cyberwars-cyber-threat-actors-targeting-asia.pdf (2016/07/20).