Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Competency Models for Information Security and Cybersecurity Professionals: Analysis of Existing Work and a New Model
University Innsbruck, Austria..
Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.ORCID iD: 0000-0003-3818-4442
2023 (English)In: ACM Transactions on Computing Education, E-ISSN 1946-6226, Vol. 23, no 2, article id 25Article in journal (Refereed) Published
Abstract [en]

Competency models are widely adopted frameworks that are used to improve human resource functions and education. However, the characteristics of competency models related to the information security and cybersecurity domains are not well understood. To bridge this gap, this study investigates the current state of competency models related to the security domain through qualitative content analysis. Additionally, based on the competency model analysis, an evidence-based competency model is proposed. Examining the content of 27 models, we found that the models can benefit target groups in many different ways, ranging from policymaking to performance management. Owing to their many uses, competency models can arguably help to narrow the skills gap from which the profession is suffering. Nonetheless, the models have their shortcomings. First, the models do not cover all of the topics specified by the Cybersecurity Body of Knowledge ( i.e., no model is complete). Second, by omitting social, personal, and methodological competencies, many models reduce the competency profile of a security expert to professional competencies. Addressing the limitations of previous work, the proposed competency model provides a holistic view of the competencies required by security professionals for job achievement and can potentially benefit both the education system and the labor market. To conclude, the implications of the competency model analysis and use cases of the proposed model are discussed.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2023. Vol. 23, no 2, article id 25
Keywords [en]
Cybersecurity education, competency model, competency, workforce development, skills gap
National Category
Information Systems
Identifiers
URN: urn:nbn:se:bth-25261DOI: 10.1145/3573205ISI: 001018474800009OAI: oai:DiVA.org:bth-25261DiVA, id: diva2:1786480
Projects
MIDISE
Part of project
Professional Master in Information Security (PROMIS), Knowledge Foundation
Funder
Knowledge Foundation, 20210026European Commission, 2019-1-LI01-KA203-000130Available from: 2023-08-09 Created: 2023-08-09 Last updated: 2024-04-23Bibliographically approved

Open Access in DiVA

fulltext(2026 kB)327 downloads
File information
File name FULLTEXT01.pdfFile size 2026 kBChecksum SHA-512
d81a52ba07671200b4940516173ee493415e5e8d3d79970603901fb178ffdc11a7dc078c4f058aed469ee32f00f31714138de0976454adf1fdc232e9af27fe87
Type fulltextMimetype application/pdf

Other links

Publisher's full text

Authority records

Felderer, Michael

Search in DiVA

By author/editor
Felderer, Michael
By organisation
Department of Software Engineering
In the same journal
ACM Transactions on Computing Education
Information Systems

Search outside of DiVA

GoogleGoogle Scholar
Total: 333 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 340 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf