Cybersecurity Education in Universities : A Comprehensive Guide to Curriculum Development

Thumbnail Image
Journal Title
Journal ISSN
Volume Title
A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä
Degree programme
IEEE Access, Volume 12, pp. 61741-61766
The widespread deployment of digital technologies has made the globe an interconnected world. Among other necessities of the digitalized world, cybersecurity is a crucial component. Therefore, education and proper training of the cybersecurity workforce are essential for building a strong national and global community. However, a significant shortage of proficient cybersecurity experts is reported worldwide. In this study, we present a comprehensive guideline for university-level cybersecurity curriculum development with respect to workforce training. Our curriculum guideline is based on consulting various globally well-known documents, reports, and frameworks that are specifically designed for cybersecurity. Namely, to conduct our research we utilize Cybersecurity Curricula 2017 (CSEC2017) by the Joint Task Force on Cybersecurity Education, National Initiative for Cybersecurity Education (NICE) cybersecurity workforce framework by the National Institute of Standards and Technology (NIST), and the Development Needs in Cybersecurity Education: Final report of the project by Lehto et al. at the University of Jyväskylä in Finland. The significance of our work also relies on the fact that the previous efforts to establish a link between the NICE workforce framework and the CSEC2017 curriculum have fallen short, and to the best of our knowledge, this work is the first successful attempt on the matter. In particular, we map every knowledge requirement in each work role to one or several knowledge areas of CSEC2017 curriculum. We define a measurement system to assign a numeric value to each knowledge area. Our goal is to determine the significance of a cybersecurity knowledge area in workforce training. Moreover, we identify the shortcomings of the Cybersecurity Curricula, i.e., we recognize the knowledge areas that are missing from the curriculum. We also discuss about the shortcomings of NICE framework in terms of defining the proper required knowledge in the work roles. Based on our findings, we present a comprehensive guideline for cybersecurity curriculum development for higher educational institutions. Finally, we propose a curriculum roadmap to the job categories.
Publisher Copyright: © 2013 IEEE.
Curriculum development, cybersecurity, cybersecurity curricula 2017 by JTF, higher education, NICE workforce framework, workforce training
Other note
Ramezanian, S & Niemi, V 2024, ' Cybersecurity Education in Universities : A Comprehensive Guide to Curriculum Development ', IEEE Access, vol. 12, pp. 61741-61766 .