Abstract

Document Sections

I. Introduction

II. Related Work

III. Cybersecurity Skills Framework

IV. Mapping Higher Education Programs in Cybersecurity

V. Methodology and Recommendations on Creating Cybersecurity Curricula

VI. Conclusion

Appendix A

Curricula Analysis

Appendix B

Good-Practice Curricula

Abstract:

Cybersecurity education and training are essential prerequisites of achieving a secure and privacy-friendly digital environment. Both professionals and the general public widely acknowledge the need for high-quality university education programs and professional training courses. However, guides, recommendations, practical tools, and good examples that could help institutions design appropriate cybersecurity programs are still missing. In particular, a comprehensive method to identify skills needed by cybersecurity work roles offered on the job market is missing. This paper aims to provide practical tools and strategies to help higher education providers design good cybersecurity curricula. First, we analyze the content of 89 existing study programs worldwide, collect recommendations of renowned institutions within and outside the EU, and provide a comprehensive survey accompanied by a dynamic web application called Education Map. Based on the knowledge about the current state in cybersecurity education, we design the SPARTA Cybersecurity Skills Framework that provides the currently missing link between work roles and required expertise and shows how to develop a curriculum that reflects job market requirements. Finally, we provide a practical tool that implements the framework and helps education and training providers design new study programs and analyze existing ones by considering the requirements of cybersecurity work roles.

Introduction

The labour market lacks qualified cybersecurity professionals. This fact is stated in official reports, unofficial surveys among employers and easily visible in job databases. For instance, the cybersecurity Workforce Study 2019 [16] estimates that there is a shortfall of 4.07 million cybersecurity experts. Moreover, ENISA [13] affirms that current training courses do not sufficiently address different cybersecurity sub-sectors such as the critical infrastructures and the implementation of the General Data Protection Regulation (GDPR). One solution to these problems is to enhance cybersecurity education and training so that more cybersecurity experts can fill in the vacancies. Indeed, many curricula focused on cybersecurity are currently emerging. However, these new degrees are often viewed as an add-on to computer science ones and fail to realize the critical importance of the interdisciplinary nature of this area [12].

This paper presents the methodology for creating cybersecurity study curricula for higher education. The presented methodology is based on (1) a mapping of expected capabilities of the cybersecurity workforce, (2) a deep analysis of existing recommendations for curricula designs (including recommendations from computing associations and national guidelines), and (3) an analysis of existing study programs covering 89 undergraduate and graduate programs in total and their mapping to work role requirements.

We design our methodology using the Cybersecurity Skills Framework [27] developed within the Strategic Programs for Advanced Research and Technology in Europe (SPARTA). Through it, we make it possible for different universities and training institutions to define their study programs according to their needs and capabilities. Our idea is that by using the same framework, the universities will share the same taxonomy of courses and the common procedure for selecting Knowledge, Skills and Abilities (KSA) required for particular work roles, i.e., positions on the job market, at which graduates are aiming.