We propose a project to develop a synthetic, or virtual, environment to educate non-technical students about information security. Information security continues to be a critical issue for organizations.
Hence, it is now critical for employees to recognize the major information security threats in order to prevent attacks. However, it is often difficult for students to develop critical thinking regarding information security and audit. Firstly, the students, much like most corporate employees, may lack the technical background required to fully understand the issues. Such knowledge often requires a hands-on approach to gain a full appreciation of the issues. Second, there are legitimate concerns about training students using real information security tools, which can be used with both benign and malicious intentions. Very often, using such tools would expose corporations to unwanted risks. A synthetic or virtual training environment, however, would allow inexperienced students to be trained in a safe environment. We will develop a system that would allow students to learn about information security and audit. The knowledge gained in so doing could also help us understand how to design better security training programs and policies.