2019 » Papers » Volume 2 » High Impact Cybersecurity Capacity Building 1. HIGH IMPACT CYBERSECURITY CAPACITY BUILDING Authors: Nevmerzhitskaya Julia, Virag Csaba, Norvanto Elisa Volume 2 | DOI: 10.12753/2066-026X-19-113 | Pages: 306-312 | Download PDF | Abstract
The shift of our societies towards automation and connectivity is accompanied by growing vulnerabilities that can be exploited to cause effects ranging from nuisance to large-scale breaches of sensitive personal data, terrorism and destabilisation of democratic processes . To achieve preparedness and resilience, cybersecurity skills need to be continuously advanced at all levels of ICT and security personnel, in a constant learning process, to address complex demands of individual and organizational level capacity building through trainings and exercises.
In this article authors describe a proposal for a common cybersecurity training framework enabling practical, operational and hands-on trainings that are adaptable to changing threat conditions, and a methodology to transform user needs into interoperable training specifications to be used by cyber range and cybersecurity training providers and that can take advantage of simulations and knowledge transfer solutions. Such a framework improves cybersecurity training capabilities by leveraging dynamic simulation environments for delivery of realistic training scenarios enabling participants and organisations to prepare for current and future threats. The framework provides the foundation for systematic development of cybersecurity skills at the individual and organizational levels. It consists of a multidisciplinary cybersecurity training methodology; a model that describes the various skills required to perform cybersecurity duties, as well as the levels of proficiencies; and the training and skills evaluation methodology.
The innovation potential of the proposed training framework comes from a holistic approach to understanding capacity building in terms of translating end-user needs into training scenarios and applying a human-centred and organisational approach to cybersecurity, taking into consideration behavioural aspects of training. | Keywords
cybersecurity; training and education; capacity building. |