Deployment of Honeypot and SIEM Tools for Cyber Security Education Model In UITM

Abstract

Nowadays the threat of cyber-attacks is increasing as more organizations undergo digital transformation. Therefore, organizations need to take proactive measures to mitigate the cyber threat to avoid further loss to their business. To mitigate cyber risk effectively, organizations need to employ competent people in the IT security team to implement effective security controls. But there is a shortage of cyber security talent or professionals in the job market and to produce talents in the cyber security field requires extensive effort in education and training. A good cyber security education program should have to date curriculum and provide practical experience. To achieve this, the program must be supported by a cyber security lab equipped with various software, equipment, and tools used by a real professional in the industry. Therefore, this paper proposed a model of a cyber security lab equipped with honeypot and SIEM systems to enhance the quality of cyber security education. The cyber security lab based on the model was deployed at Universiti Teknologi MARA (UiTM) and used for teaching and learning activities. The honeypot will provide student experience analyzing the behaviour of hackers while the SIEM system will aggregate the logs data of the Campus Network Firewall in real-time. To evaluate the effectiveness of the proposed lab model, a functional test and a survey was conducted. The survey result shows that majority of the respondent agreed that the cyber security lab improve their teaching and learning experience while taking the cyber security subject.