FRAMEWORK FOR THE EVALUATION OF CYBERSECURITY CURRICULUM EDUCATIONAL CONTENT

FRAMEWORK FOR THE EVALUATION OF CYBERSECURITY CURRICULUM EDUCATIONAL CONTENT

A. Hakkala, A. Majanoja, V. Leppänen, S. Virtanen (2023).  FRAMEWORK FOR THE EVALUATION OF CYBERSECURITY CURRICULUM EDUCATIONAL CONTENT. 543-554.

In this research, we define a framework for identifying the educational content of an existing university-level cybersecurity curriculum and aligning it with educational requirements distilled from the combination of the European cybersecurity taxonomy and European Cybersecurity Skills Framework, which identifies distinct role profiles with different educational requirements for cybersecurity professionals. We take the cybersecurity roles and skills frameworks and connect them with the knowledge areas defined in the European cybersecurity taxonomy. As a result, we can clearly identify the necessary knowledge areas for each individual role, and also align them with individual course contents in the cybersecurity curriculum. This makes it possible to identify gaps in existing curricula and ensure that educational content meets the requirements of expected knowledge areas. The developed framework is validated by using it to evaluate an existing university level cybersecurity curriculum at University of Turku, where engineering education curriculum follows the CDIO model. The results are used to identify the gaps in current educational content and to verify that the educational content sufficiently covers the desired role profiles. It is also used to provide input for board level decision-making on cybersecurity education. In addition, the assessment phase also provides important feedback for further development of the framework towards a tool that can be used to shape wider educational policy on cybersecurity education beyond individual universities.

Authors (New): 
Antti Hakkala
Anne-Maarit Majanoja
Ville Leppänen
Seppo Virtanen
Pages: 
543-554
Affiliations: 
University of Turku, Turku, Finland
Keywords: 
Cybersecurity
Course Development
ECSF Framework
ECT Taxonomy
CDIO Standard 3
CDIO Standard 7
CDIO Standard 8
CDIO Standard 12
Year: 
2023
Reference: 
ACM. (2017). Curriculum guidelines for post-secondary degree programs in cybersecurity. Available onilne at https://www.acm.org/binaries/content/assets/education/ curricula-recommendations/csec2017.pdf, Accessed 14.04.2023.: 
Brink, S., Carlsson, C. J., Enelund, M., Georgsson, F., Keller, E., Lyng, R., & McCartan, C. (2020). ASSESSING CURRICULUM AGILITY IN A CDIO ENGINEERING EDUCATION | Worldwide CDIO Initiative. Retrieved 2023-01-26, from http://cdio.org/knowledge-library/documents/assessing-curriculum -agility-cdio-engineering-education: 
EIT. (2022). EIT Digital Master School - Cyber Security // EIT Digital Master School. Retrieved 2023-01-27, from https://masterschool.eitdigital.eu/cyber-security: 
EIT. (2023). Decision 02/2023 of the Director of the European Institute of Innovation and Technology on awarding the EIT Label to masters and doctoral programmes. Ref.Ares(2023)321702 - 16/01/2023.: 
ENISA. (2022). European Cybersecurity Skills Framework. Available online at https://www.enisa.europa.eu/topics/education/european-cybersecurity -skills-framework, Accessed 18.01.2023.: 
European Commission Joint Research Centre (JRC). (2021). European Cybersecurity Taxonomy. Available online at https://cybersecurity-atlas.ec.europa.eu/ cybersecurity-taxonomy, Accessed 18.01.2023.: 
European Committee for Standardization. (2019). SFS-EN 16234-1 : 2019 : en ( e-CF ). A common European Framework for ICT Professionals e-Competence Framework ( e-CF ). A common European Framework.: 
Hajny, J., Sikora, M., Grammatopoulos, A. V., & Di Franco, F. (2022). Adding european cybersecurity skills framework into curricula designer. In Proceedings of the 17th international conference on availability, reliability and security. New York, NY, USA: Association for Computing Machinery. Retrieved from https://doi.org/10.1145/3538969.3543799 doi: 10.1145/3538969.3543799: 
Hakkala, A., & Virtanen, S. (2012). University-industry collaboration in network security education for engineering students. In Proceedings of the International Conference on Engineering Education ICEE 2012, University of Turku, Turku, Finland, 30.7.–3.8.2012,.: 
Harris, M., & Patten, K. (2015). Using Bloom’s and Webb’s Taxonomies to Integrate Emerging Cybersecurity Topics into a Computic Curriculum. Journal of Information Systems Education, 26(3). Retrieved from https://aisel.aisnet.org/jise/vol26/iss3/4: 
Kans, M. (2016). What Should we Teach? A Study of Stakeholders’ Perceptions on Curriculum Content | Worldwide CDIO Initiative. Retrieved 2023-01- 26, from http://www.cdio.org/knowledge-library/documents/what-should-we -teach-study-stakeholders-perceptions-curriculum-content: 
Knapp, K. J., Maurer, C., & Plachkinova, M. (2017). Maintaining a Cybersecurity Curriculum: Professional Certifications as Valuable Guidance. Journal of Information Systems Education, 28(2), 101.: 
Lehto, M. (Ed.). (2022). Kyberturvallisuuden koulutusohjelman muutostarpeiden tutkimus – hankkeen loppuraportti. Informaatioteknologian tiedekunnan julkaisuja(93). Retrieved from https://jyx.jyu.fi/handle/123456789/82709: 
Majanoja, A.-M., Hakkala, A., Virtanen, S., & Leppänen, V. (2023). Motivation for continuous software engineering expertise development through lifelong learning. In Submitted to the 19th International CDIO Conference, hosted by NTNU, Trondheim, Norway, June 26—29, 2023.: 
NIST. (2020a). NICE Framework Supplemental Material. Retrieved from https://www.nist .gov/itl/applied-cybersecurity/nice/nice-framework-resource-center/ nice-framework-supplemental-material.: 
NIST. (2020b). NIST Special Publication 800-181 Revision 1: Workforce Frame-work for Cybersecurity (NICE Framework). ht. Retrieved 2023-01-26, from https://nlpubs.nist.gov/ nistpubs/SpecialPublications/NIST.SP.800-181rl.pdf: 
Roberts, P. (2015). Higher education curriculum orientations and the implications for institutional curriculum change. http://dx.doi.org/10.1080/13562517.2015.1036731, 20(5), 542– 555. Retrieved from https://www.tandfonline.com/doi/abs/10.1080/13562517 .2015.1036731: 
SPARTA. (2022a). Curricula Designer. Retrieved 2023-01-26, from https://www.sparta .eu/curricula-designer/: 
SPARTA. (2022b). SPARTA - Cybersecurity Training and Awareness. Retrieved 2023-01-26, from https://www.sparta.eu/training/: 
University of Bristol Cyber Security Group. (2021). CyBOK – The Cyber Security Body of Knowledge. Retrieved 2023-01-26, from https://www.cybok.org/: 
UTU. (2022). Tietotekniikan tutkinto-ohjelmille EUR-ACE -akkreditointi | Turun yliopisto. Retrieved 2023-01-27, from https://www.utu.fi/fi/ajankohtaista/ uutinen/tietotekniikan-tutkinto-ohjelmille-eur-ace-akkreditointi: 
Go to top
randomness