FRAMEWORK FOR THE EVALUATION OF CYBERSECURITY CURRICULUM EDUCATIONAL CONTENT

In this research, we define a framework for identifying the educational content of an existing university-level cybersecurity curriculum and aligning it with educational requirements distilled from the combination of the European cybersecurity taxonomy and European Cybersecurity Skills Framework, which identifies distinct role profiles with different educational requirements for cybersecurity professionals. We take the cybersecurity roles and skills frameworks and connect them with the knowledge areas defined in the European cybersecurity taxonomy. As a result, we can clearly identify the necessary knowledge areas for each individual role, and also align them with individual course contents in the cybersecurity curriculum. This makes it possible to identify gaps in existing curricula and ensure that educational content meets the requirements of expected knowledge areas. The developed framework is validated by using it to evaluate an existing university level cybersecurity curriculum at University of Turku, where engineering education curriculum follows the CDIO model. The results are used to identify the gaps in current educational content and to verify that the educational content sufficiently covers the desired role profiles. It is also used to provide input for board level decision-making on cybersecurity education. In addition, the assessment phase also provides important feedback for further development of the framework towards a tool that can be used to shape wider educational policy on cybersecurity education beyond individual universities.