COMPARATIVE ANALYSIS OF STRATEGIES FOR BUILDING SECOND AND THIRD LEVEL OF 125 “CYBER SECURITY” EDUCATIONAL PROGRAMS
DOI:
https://doi.org/10.28925/2663-4023.2023.20.183204Keywords:
cyber security; informational security; IS; information technology; IT; information protection; vulnerabilities; learning process; educational standard.Abstract
The article analyzes the global market for the provision of educational services in the field of information security and cybersecurity. The study aims to compare strategies for building curricula for the second and third levels of education for specialties related to information technology, information, and cybersecurity, as well as to formulate recommendations for harmonizing the learning process and international standards. Cybersecurity training programs are becoming outdated too quickly. ISO standards are updated approximately every four years. Also, the standard for the specialty 125 “Cybersecurity” for the third educational level still needs to be finalized. There is a problem of forming a consistent process of introducing the latest approaches and practices into the curriculum. The growth of the information technology market is leading to an increase in the need for cybersecurity specialists. Two processes are taking place simultaneously: the transition from practical skills to fundamental knowledge and vice versa. The most successful higher education institutions are those that can combine both approaches simultaneously. But this requires an experimental base, practical training laboratories, and a staff of teachers and researchers. Only large institutions can perform this task. Since cybersecurity challenges are constantly changing, higher education institutions are required to improve their programs annually. Simultaneously with the process of updating teaching approaches, the body of international and industry standards, as well as various best practices and frameworks, are being improved. Rapid change requires not only continuous improvement from educators but also from cybersecurity practitioners. Thus, the process of continuous learning should continue after the formal completion of a master's or Ph.D. program. The results of this study show that only a comprehensive development of information security skills allows for high-quality training of specialists. Based on this, the requirements for the educational standard for training specialists and scientists are presented.
Downloads
References
Sokolov, V. (2022). Approaches to the Formation of Scientific Thinking in Cybersecurity High School Students. Cybersecurity: Education, Science, Technique, 2(18), 124–137. https://doi.org/10.28925/2663-4023.2022.18.124137
Buriachok, V., et al. (2021). Interdisciplinary Approach to the Development of Risk Management Skills on the basis of Decision-Making Theory. Cybersecurity: Education, Science, Technique, 3(11), 155–165. https://doi.org/10.28925/2663-4023.2021.11.155165
Shevchenko, S., et al. (2020). Conducting a Swot-Analysis of Information Risk Assessment as a Means of Formation of Practical Skills of Students Specialty 125 Cyber Security. Cybersecurity: Education, Science, Technique, 2(10), 158–168. https://doi.org/10.28925/2663-4023.2020.10.158168
Buriachok, V., et al. (2020). Application of Ni Multisim Environment in the Practical Skills Building for Students of 125 “Cybersecurity” Specialty. Cybersecurity: Education, Science, Technique, 1(9), 159–169. https://doi.org/10.28925/2663-4023.2020.9.159169
Buriachok, V., et al. (2018). Training Model for Professionals in the Field of Information and Cyber Security in the Higher Educational Institutions of Ukraine. Information Technologies and Learning Tools, 67(5), 277–291. https://doi.org/10.33407/itlt.v67i5.2347
International Organization for Standardization (2020). ISO/IEC 19788-1:2011. Information Technology. Learning, Education and Training. Metadata for Learning Resources. Part 1: Framework. https://www.iso.org/standard/50772.html
National Institute of Standards and Technology (2023). Discussion Draft of the NIST Cybersecurity Framework 2.0 Core https://www.nist.gov/system/files/documents/2023/04/24/
NIST%20Cybersecurity%20Framework%202.0%20Core%20Discussion%20Draft%204-2023%20final.pdf
Cybersecurity and Infrastructure Security Agency (2023). FY 2023. Inspector General Federal Information Security Modernization Act of 2014 (FISMA). Metrics Evaluator’s Guide, ver. 3.0. https://www.cisa.gov/sites/default/files/2023-05/fy_2023_ig_fisma_metrics_
evaluation_guide.pdf
FedRAMP (2018). General Document Acceptance Criteria, ver. 2.1. https://www.fedramp.gov/assets/resources/documents/FedRAMP_General_Document_Acceptance_Criteria.pdf
International Society of Automation (2020). ISA/IEC 62443. Series of Standards. https://www.isa.org/standards-and-publications/isa-standards/isa-iec-62443-series-of-standards
PCI Security Standards Council (2022). PCI DSS, ver. 4.0. https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf
Swift (2023). Customer Security Programme. https://www.swift.com/ru/node/
The European Parliament and of the Council (2018). Regulation (EU) 2016/679 of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation), Official Journal of the European Union, 1–88. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679
U.S. Department of Health and Human Services Office for Civil Rights (2013). HIPAA Administrative Simplification. Regulation Text. 45 CFR Parts 160, 162, and 164. https://www.hhs.gov/sites/default/files/hipaa-simplification-201303.pdf
Lepofsky, R. (2014). COBIT 5 for Information Security. In: The Manager’s Guide to Web Application Security. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-0148-0_10
Association of International Certified Professional Accountants (2023). SOC for Cybersecurity. https://www.aicpa-cima.com/topic/audit-assurance/audit-and-assurance-greater-than-soc-for-cybersecurity
Wollinger, G. R., Schulze, A. (2020). Handbuch Cybersecurity für die öffentliche Verwaltung. KSV Verwaltungspraxis. https://doi.org/10.5771/9783748912057
Common Criteria (2022). Common Methodology for Information Technology Security Evaluation. Evaluation Methodology, rev. 1. https://www.commoncriteriaportal.org/
files/ccfiles/CEM2022R1.pdf
Center for Internet Security (2023). CIS Critical Security Controls, ver. 8. https://www.cisecurity.org/controls/v8_pre
International Organization for Standardization (2022). ISO/IEC 27002:2022. Information Security, Cybersecurity and Privacy Protection. Information Security Controls. https://www.iso.org/standard/75652.html
International Organization for Standardization (2012). ISO/IEC 19790:2012. Information Technology. Security Techniques. Security Requirements for cryptographic Modules. https://www.iso.org/standard/52906.html
International Organization for Standardization (2018). ISO/IEC 20000-1:2018. Information Technology. Service Management. Part 1: Service Management System Requirements. https://www.iso.org/standard/70636.html
International Organization for Standardization (2022). ISO/IEC 27001. Information Security Management Systems. https://www.iso.org/standard/27001
International Organization for Standardization (2022). ISO/IEC 27005:2022. Information Security, Cybersecurity and Privacy Protection. Guidance on Managing Information Security Risks. https://www.iso.org/standard/80585.html
International Organization for Standardization (2019). ISO/IEC 27701:2019. Security Techniques. Extension to ISO/IEC 27001 and ISO/IEC 27002 for Privacy Information Management. Requirements and Guidelines. https://www.iso.org/standard/71670.html
International Organization for Standardization (2017). ISO/IEC 29151:2017. Information Technology. Security Techniques. Code of Practice for Personally Identifiable Information Protection. https://www.iso.org/standard/62726.html
International Organization for Standardization (2017). ISO/IEC 38505-1:2017. Information Technology. Governance of IT. Governance of Data. Part 1: Application of ISO/IEC 38500 to the Governance of Data. https://www.iso.org/standard/56639.html
Information Technology Laboratory (2023). Federal Information Processing Standards. https://csrc.nist.gov/publications/fips
Open Web Application Security Project (2023). OWASP Security Knowledge Framework. https://owasp.org/www-project-security-knowledge-framework/
Ministry of Education and Science of Ukraine (2021). Standard of Higher Education of Ukraine. Second (Master’s) Level. 12 Information Technologies. 125 Cybersecurity, No. 332 dated March 18, 2021 https://mon.gov.ua/storage/app/media/vyshcha/standarty/2021/03/
/125%20Kiberbezpeka_mahistr_18_03_21_332.docx
Buriachok, V., et al. (2016). Methodological Recommendations for the Completion of Diploma Theses of the Educational Level “Bachelor” of Students of the Field of Knowledge 1701 “Information Security,” DUT, NAU.
Yevdokymenko, M., Sokolov, V. (2019). Overview of the Course in “Wireless and Mobile Security.” Educating the Next Generation MSc in Cyber Security, 104–119. https://doi.org/10.5281/zenodo.2647747
Vladymyrenko, M., Sokolov, V., Astapenia, V. (2019). Study of Stability of Peer-to-Peer Wireless Networks with Self-Organization. Cybersecurity: Education, Science, Technique, 3, 6–26. https://doi.org/10.28925/2663-4023.2019.3.626
Taj Dini, M., Sokolov, V. (2017). Internet of Things Security Problems. Modern Information Protection, 1, 120–127.
Zhdanovа Y., Spasiteleva, S., Shevchenko, S. (2019). Application Of The Security.Cryptography Class Library For Practical Training Of Specialists From The Cyber Security. Cybersecurity: Education, Science, Technique, 4(4), 44–53. https://doi.org/10.28925/2663-4023.2019.4.4453
Taj Dini, M., Sokolov, V. (2018). Penetration Tests for Bluetooth Low Energy and Zigbee using the Software-Defined Radio. Modern Information Protection, 1, 82–89.
Kipchuk, F., et al. (2021). Assessing Approaches of IT Infrastructure Audit. In 8th International Conference on Problems of Infocommunications, Science and Technology, 213–217. https://doi.org/10.1109/picst54195.2021.9772181
Kurbanmuradov, D., Sokolov, V., Astapenia, V. (2019). Implementation of the XTEA Encryption Protocol based on Wireless Systems of the IEEE 802.15.4 Standard. Cybersecurity: Education, Science, Technique, 2(6). 32–45. https://doi.org/10.28925/2663-4023.2019.6.3245
TajDini, M., Sokolov, V., Buriachok, V. (2019). Men-in-the-Middle Attack Simulation on Low Energy Wireless Devices using Software Define Radio. In 8th International Conference on “Mathematics. Information Technologies. Education,” 287–296.
Buriachok, V., Sokolov, V., Taj Dini, M. (2020). Research of Caller ID Spoofing Launch, Detection, and Defense. Cybersecurity: Education, Science, Technique, 1(7), 6–16. https://doi.org/10.28925/2663-4023.2020.7.616
TajDini, M., Sokolov, V., Skladannyi, P. (2021). Performing Sniffing and Spoofing Attack Against ADS-B and Mode S using Software Define Radio. In IEEE International Conference on Information and Telecommunication Technologies and Radio Electronics, 7–11. https://doi.org/10.1109/ukrmico52950.2021.9716665
Tsyrkaniuk, D., et al. (2021). Method of Marketplace Legitimate User and Attacker Profiling. Cybersecurity: Education, Science, Technique, 2(14), 50–67. https://doi.org/10.28925/2663-4023.2021.14.5067
Sokolov, V., Kurbanmuradov D. (2018). The Method of Combating Social Engineering at the Objects of Information Activity. Cybersecurity: Education, Science, Technique, 1, 6–16. https://doi.org/10.28925/2663-4023.2018.1.616
Marusenko, R., Sokolov, V., Buriachok, V. (2020). Experimental Evaluation of Phishing Attack on High School Students. Advances in Computer Science for Engineering and Education III, 1247, 668–680. https://doi.org/10.1007/978-3-030-55506-1_59
Marusenko, R., Sokolov, V., Bogachuk, I. (2022). Method of Obtaining Data from Open Scientific Sources and Social Engineering Attack Simulation. Advances in Artificial Systems for Logistics Engineering, 135, 583–594. https://doi.org/10.1007/978-3-031-04809-8_53
Vyshnivskyi, V., Sokolov, V. (2018). Laboratory Complex “Cyber Range.” Modern Information Protection, 2, 105–107.
CDIO Office (2019). CDIO Standards 2.1. http://www.cdio.org/content/cdio-standards-21
Delhij, A., van Solingen, R., Wijnands, W. (2015). The eduScrum Guide “The rules of the Game.”
Buriachok, V., Sokolov, V. (2019). Implementation of Active Learning in the Master’s Program on Cybersecurity. Advances in Computer Science for Engineering and Education II, 938, 610–624. https://doi.org/10.1007/978-3-030-16621-2_57
Buriachok, V, et al. (2023). Implementation of Active Cybersecurity Education in Ukrainian Higher School. Lecture Notes on Data Engineering and Communications Technologie, 178, 533–551. https://doi.org/10.1007/978-3-031-35467-0_32
Buriachok, V., Shevchenko, S., Skladannyi, P. (2018). Virtual Laboratory for Modeling of Processes in Informational and Cyber Securities as a form of Forming Practical Skills of Students. Cybersecurity: Education, Science, Technique, 2(2), 98–104. https://doi.org/10.28925/2663-4023.2018.2.98104
Published
How to Cite
Issue
Section
License
Copyright (c) 2023 Володимир Соколов, Павло Складанний
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.