The paper leverages the training and education-related research outputs developed under the ECHO project. They are compared to the progress of the workgroups in ENISA (European Union Agency for Cybersecurity) and ECSO (European Cybersecurity Organization) that classify, structure and define the competencies, skills, and knowledge and risk factors. The approach digested by the ECHO project explores the methods for achieving a more vital balance between the market demands and talent supply. The scope of the research activities covers four main and interconnected components – i) Contextualization; ii) Competences; iii) Generic Curriculum; iv) Assessment methodology. The proposed approach explores and gradually builds upon the generic definitions of the skills and knowledge toward specific requirements on what an ICT or cybersecurity professional must know and be able to do in order to implement initial and further cyber-incident response actions. The paper considers mainly the design methods for building cybersecurity training programs for professionals. Still, it could be applied in academic settings as well, enriching the academic programs with practical learning experiences. Several examples are provided to demonstrate the relevance and applicability of the proposed methods.
BT - Information & Security: An International Journal DO - https://doi.org/10.11610/isij.5312 IS - 2 LA - eng N2 -The paper leverages the training and education-related research outputs developed under the ECHO project. They are compared to the progress of the workgroups in ENISA (European Union Agency for Cybersecurity) and ECSO (European Cybersecurity Organization) that classify, structure and define the competencies, skills, and knowledge and risk factors. The approach digested by the ECHO project explores the methods for achieving a more vital balance between the market demands and talent supply. The scope of the research activities covers four main and interconnected components – i) Contextualization; ii) Competences; iii) Generic Curriculum; iv) Assessment methodology. The proposed approach explores and gradually builds upon the generic definitions of the skills and knowledge toward specific requirements on what an ICT or cybersecurity professional must know and be able to do in order to implement initial and further cyber-incident response actions. The paper considers mainly the design methods for building cybersecurity training programs for professionals. Still, it could be applied in academic settings as well, enriching the academic programs with practical learning experiences. Several examples are provided to demonstrate the relevance and applicability of the proposed methods.
PY - 2022 SE - 177 SP - 177 EP - 190 T2 - Information & Security: An International Journal TI - Perspectives in the Design of a Modern Cybersecurity Training Programme: The ECHO Approach VL - 53 ER -