{"title":"Structuring a Cybersecurity Curriculum for Non-IT Employees of Micro- and Small Enterprises","authors":"Bernd Remmele, Jessica Peichl","doi":"10.1145/3465481.3469198","DOIUrl":null,"url":null,"abstract":"Micro- and Small Enterprises (MSE) and the persons working there (owners/managers, employees) are often neglected in policies and initiatives concerning cybersecurity and data privacy. Communication strategies are targeting IT-departments or IT-specialists - most MSEs have neither. The Horizon 2020 project GEIGER wants to address this problem by providing a cybersecurity monitoring solution that can be used by IT-laypersons. In addition to an easy-to-use software tool focusing on the monitoring of imminent cyber threats GEIGER develops an Education Ecosystem, which approaches this target groups at different levels: from regular employees, who cannot or don't want to extensively deal with cybersecurity, to designated persons (internal or external), who are made responsible for monitoring the functioning of GEIGER in a company. To take full account of this, the competence level of individuals and their development are part of the data structure of the GEIGER monitoring. Hence, it also includes automated recommendations to follow certain training sequences included in GEIGER or from other sources. To define the different levels of competence in cybersecurity, i.e. also their development, to propose adequate learning objectives and design pertinent learning materials, GEIGER has elaborated a curriculum. The structure of this curriculum follows the conditions and requirements given by the general situation of security threats and learning scenarios in MSEs. It has three main dimensions: ‘levels’ that reflect the competence development within MSE-specific learning environments; ‘pillars’ that reflect the GEIGER-specific topical differentiation in general cybersecurity as well as handling and communicating GEIGER functions; object ‘layers’ that reflect specific cybersecurity threats as they appear for the IT-lay target groups in MSEs. To allow for interoperability of the educational parts of GEIGER the competences of the GEIGER curriculum are written in form of xAPI-statements, i.e. a specific metadata-format for learning achievements.","PeriodicalId":417395,"journal":{"name":"Proceedings of the 16th International Conference on Availability, Reliability and Security","volume":"22 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 16th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3465481.3469198","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Micro- and Small Enterprises (MSE) and the persons working there (owners/managers, employees) are often neglected in policies and initiatives concerning cybersecurity and data privacy. Communication strategies are targeting IT-departments or IT-specialists - most MSEs have neither. The Horizon 2020 project GEIGER wants to address this problem by providing a cybersecurity monitoring solution that can be used by IT-laypersons. In addition to an easy-to-use software tool focusing on the monitoring of imminent cyber threats GEIGER develops an Education Ecosystem, which approaches this target groups at different levels: from regular employees, who cannot or don't want to extensively deal with cybersecurity, to designated persons (internal or external), who are made responsible for monitoring the functioning of GEIGER in a company. To take full account of this, the competence level of individuals and their development are part of the data structure of the GEIGER monitoring. Hence, it also includes automated recommendations to follow certain training sequences included in GEIGER or from other sources. To define the different levels of competence in cybersecurity, i.e. also their development, to propose adequate learning objectives and design pertinent learning materials, GEIGER has elaborated a curriculum. The structure of this curriculum follows the conditions and requirements given by the general situation of security threats and learning scenarios in MSEs. It has three main dimensions: ‘levels’ that reflect the competence development within MSE-specific learning environments; ‘pillars’ that reflect the GEIGER-specific topical differentiation in general cybersecurity as well as handling and communicating GEIGER functions; object ‘layers’ that reflect specific cybersecurity threats as they appear for the IT-lay target groups in MSEs. To allow for interoperability of the educational parts of GEIGER the competences of the GEIGER curriculum are written in form of xAPI-statements, i.e. a specific metadata-format for learning achievements.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
