Competency-based cybersecurity training and awareness: a systematic literature review

  1. Josu Mendivil Caldentey
  2. Borja Sanz Urquijo
  3. Miren Gutierrez Almazor
Journal:
Pixel-Bit: Revista de medios y educación

ISSN: 1133-8482

Year of publication: 2022

Issue: 63

Pages: 197-225

Type: Article

DOI: 10.12795/PIXELBIT.91640

Open access (publisher)


Abstract

The ability of an organization to face threats and to overcome vulnerabilities in cybersecurity depends to a large extent on the level of training and awareness of its personnel and consequently on the existence of a competency framework that identifies the indicators in training awareness required for each job. This article makes a systematic review of the literature to explore the use of competency models when developing training and awareness programs in cybersecurity aimed at non-technical personnel in organizations. An examination of the literature shows that, although there is a high number of studies that address cybersecurity training and awareness, research related to competency models for non-specialized personnel is significantly scarce, methodologies have not evolved significantly, and the few skills models available incorporate job profiles in a limited way. As a result, and with the aim to advance the knowledge in this particular field, this article presents a model based on competencies for non-ICT personnel which includes the configuration of training and awareness plans according to job profiles, thus incorporating the necessary cybersecurity competencies.
