Architecture and Principles of Developing a Curriculum for the Academic Subject "Cybersecurity"
Abstract
The article describes the basic principles of the development and architecture of educational and methodological material in the form of a guide for the development of educational programs for training highly qualified professional personnel in cybersecurity (information security). Such guidance in foreign sources is called a curriculum. As in any curriculum, the main content of this manual is the definition of the cybersecurity body of knowledge (CBK) in the form of a multi-level hierarchical structure of didactic units that determine the content of training. In addition, the manual includes the definition of the minimum required amount of knowledge (core of the CBK) for educational programs in cybersecurity, a description of the set of expected characteristics of graduates and learning outcomes, recommendations for practice-oriented training of students, a system of didactic parameters that determine the recommended hourly workload when studying individual elements of the CBK and the level of knowledge transfer in the development of the required skills and other materials. This guide is developed on the basis of the Cybersecurity Skills Model described in the authors' previous article "The Cybersecurity Skills Model 2020". It can serve as a methodological basis for the development of educational programs on cybersecurity at all levels: bachelor's, specialist's, master's. The guide can also be used in the development of continuing education programs, individual curricula and professional self-study programs related to cybersecurity.
References
[2] Drozhzhinov V.I. SFIA-the System of IT professional Standards for the Digital Economy. Sovremennye informacionnye tehnologii i IT-obrazovanie = Modern Information Technologies and IT-Education. 2017; 13(1):132-143. (In Russ., abstract in Eng.) DOI: https://doi.org/10.25559/SITITO.2017.1.466
[3] Sukhomlin V.A. et al. Digital Skills Development System. MAKS Press: Basealt Publ., Moscow; 2020. (In Russ.)
[4] Sukhomlin V.A., Zubareva E.V., Yakushin A.V. Methodological Aspects of the Digital Skills Concept. Sovremennye informacionnye tehnologii i IT-obrazovanie = Modern Information Technologies and IT-Education. 2017; 13(2):146-152. (In Russ., abstract in Eng.) DOI: https://doi.org/10.25559/SITITO.2017.2.253
[5] Fedorova I.A. Comparative analysis of the national frameworks of qualification in the higher education area in Russia and European Union. Omsk Scientific Bulletin. 2010; (2):143-146. Available at: https://elibrary.ru/item.asp?id=20911520 (accessed 14.09.2020). (In Russ., abstract in Eng.)
[6] Sukhomlin V., Zubareva E. Analytical Review of the Current Curriculum Standards in Information Technologies. In: Sukhomlin V., Zubareva E. (ed.) Modern Information Technology and IT Education. SITITO 2018. Communications in Computer and Information Science. 2020; 1201:3-41. Springer, Cham. (In Eng.) DOI: https://doi.org/10.1007/978-3-030-46895-8_1
[7] Bloom B.S., Krathwohl D.R. Taxonomy of Educational Objectives: The Classification of Educational Goals. Handbook I: Cognitive Domain. By a Committee of College and University Examiners. New York, NY; Longmans, Green; 1956. (In Eng.)
[8] Joint Task Force on Computing Curricula, Association for Computing Machinery (ACM) and IEEE Computer Society. Computer Science Curricula 2013: Curriculum Guidelines for Undergraduate Degree Programs in Computer Science. Association for Computing Machinery, New York, NY, USA; 2013. (In Eng.) DOI: https://doi.org/10.1145/2534860
[9] Joint Task Force on Cybersecurity Education. Cybersecurity Curricula 2017: Curriculum Guidelines for Post-Secondary Degree Programs in Cybersecurity. Association for Computing Machinery, New York, NY, USA; 2018. (In Eng.) DOI: https://doi.org/10.1145/3184594
[10] Cyber2yr2020 Task Group. Cybersecurity Curricular Guidance for Associate-Degree Programs. Association for Computing Machinery, New York, NY, USA; 2020. (In Eng.) DOI: https://doi.org/10.1145/3381686
[11] Ackerman P.L. Individual differences and skill acquisition. In: Ackerman P.L., Sternberg R.J., Glaser R. (ed.) A series of books in psychology. Learning and individual differences: Advances in theory and research. W H Freeman/Times Books/ Henry Holt & Co; 1989. p. 165-217. (In Eng.)
[12] Conte S.D., Hamblen J.W., Kehl W.B., Navarro S.O., Rheinboldt W.C., Young D.M., Atchinson W.F. An undergraduate program in computer science - preliminary recommendations. Communications of the ACM. 1965; 8(9):543-552. (In Eng.) DOI: https://doi.org/10.1145/365559.366069
[13] Comer D.E., Gries D., Mulder M.C., Tucker A., Turner A.J., Young P.R., Denning P.J. Computing as a discipline. Communications of the ACM. 1989; 32(1):9-23. (In Eng.) DOI: https://doi.org/10.1145/63238.63239
[14] Blair J.R.S., Chewar C.M., Raj R.K., Sobiesk E. Infusing Principles and Practices for Secure Computing Throughout an Undergraduate Computer Science Curriculum. In: Proceedings of the 2020 ACM Conference on Innovation and Technology in Computer Science Education (ITiCSE '20). Association for Computing Machinery, New York, NY, USA; 2020. p. 82-88. (In Eng.) DOI: https://doi.org/10.1145/3341525.3387426
[15] Leidig P.M., Cassel L. ACM Taskforce Efforts on Computing Competencies for Undergraduate Data Science Curricula. In: Proceedings of the 2020 ACM Conference on Innovation and Technology in Computer Science Education (ITiCSE '20). Association for Computing Machinery, New York, NY, USA; 2020. p. 519-520. (In Eng.) DOI: https://doi.org/10.1145/3341525.3393962
[16] Parrish A., Impagliazzo J., Raj R.K., Santos H., Asghar M.R., Jøsang A., Pereira T., Sá V.J., Stavrou E. Global perspectives on cybersecurity education. In: Proceedings of the 23rd Annual ACM Conference on Innovation and Technology in Computer Science Education (ITiCSE 2018). Association for Computing Machinery, New York, NY, USA; 2018. p. 340-341. (In Eng.) DOI: https://doi.org/10.1145/3197091.3205840
[17] Hawthorne E.K. Multifarious initiatives in cybersecurity education. ACM Inroads. 2013; 4(3):46-47. (In Eng.) DOI: https://doi.org/10.1145/2505990.2505999
[18] Cabaj K., Domingos D., Kotulski Z., Respício A. Cybersecurity education: Evolution of the discipline and analysis of master programs. Computers & Security. 2018; 75:24-35. (In Eng.) DOI: https://doi.org/10.1016/j.cose.2018.01.015
[19] Švábenský V., Čeleda P., Vykopal J., Brišáková S. Cybersecurity knowledge and skills taught in capture the flag challenges. Computers & Security. 2021; 102:102154. (In Eng.) DOI: https://doi.org/10.1016/j.cose.2020.102154
[20] John S.N., Noma-Osaghae E., Oajide F., Okokpujie K. Cybersecurity Education: The Skills Gap, Hurdle! In: Daimi K., Francia III G. (ed.) Innovations in Cybersecurity Education. Springer, Cham; 2020. p. 361-376. (In Eng.) DOI: https://doi.org/10.1007/978-3-030-50244-7_18
[21] Hodson C. Cybersecurity Skills. In: Jajodia S., Samarati P., Yung M. (ed.) Encyclopedia of Cryptography, Security and Privacy. Springer, Berlin, Heidelberg; 2020. (In Eng.) DOI: https://doi.org/10.1007/978-3-642-27739-9_1577-1
[22] Wang P., Sbeit R. A Comprehensive Mentoring Model for Cybersecurity Education. In: Latifi S. (ed.) 17th International Conference on Information Technology - New Generations (ITNG 2020). Advances in Intelligent Systems and Computing. 2020; 1134:17-23. Springer, Cham. (In Eng.) DOI: https://doi.org/10.1007/978-3-030-43020-7_3
[23] Ghernaouti S., Wanner B. Research and Education as Key Success Factors for Developing a Cybersecurity Culture. In: Bartsch M., Frey S. (ed.) Cybersecurity Best Practices. Springer Vieweg, Wiesbaden; 2018. p. 539-552. (In Eng.) DOI: https://doi.org/10.1007/978-3-658-21655-9_38
[24] Read H., Sutherland I., Xynos K., Drange T., Sundt E. The Impact of Changing Technology on International Cybersecurity Curricula. In: Tryfonas T. (ed.) Human Aspects of Information Security, Privacy and Trust. HAS 2017. Lecture Notes in Computer Science. 2017; 10292:518-528. Springer, Cham. (In Eng.) DOI: https://doi.org/10.1007/978-3-319-58460-7_36
[25] González-Torres A., Hernández-Campos M., González-Gómez J., Byrd V.L., Parsons P. Information Visualization as a Method for Cybersecurity Education. In: Daimi K., Francia III G. (ed.) Innovations in Cybersecurity Education. Springer, Cham; 2020. p. 55-70. (In Eng.) DOI: https://doi.org/10.1007/978-3-030-50244-7_4
![Creative Commons License](http://i.creativecommons.org/l/by/4.0/88x31.png)
This work is licensed under a Creative Commons Attribution 4.0 International License.
Publication policy of the journal is based on traditional ethical principles of the Russian scientific periodicals and is built in terms of ethical norms of editors and publishers work stated in Code of Conduct and Best Practice Guidelines for Journal Editors and Code of Conduct for Journal Publishers, developed by the Committee on Publication Ethics (COPE). In the course of publishing editorial board of the journal is led by international rules for copyright protection, statutory regulations of the Russian Federation as well as international standards of publishing.
Authors publishing articles in this journal agree to the following: They retain copyright and grant the journal right of first publication of the work, which is automatically licensed under the Creative Commons Attribution License (CC BY license). Users can use, reuse and build upon the material published in this journal provided that such uses are fully attributed.