A Framework for Mapping Organisational Workforce Knowledge Profile in Cyber Security
- URL: http://arxiv.org/abs/2406.03322v1
- Date: Wed, 5 Jun 2024 14:34:37 GMT
- Title: A Framework for Mapping Organisational Workforce Knowledge Profile in Cyber Security
- Authors: Lata Nautiyal, Awais Rashid
- Abstract summary: Building a comprehensive cyber security knowledge profile is a distinct challenge.
There has been a lack of a well-defined methodology for evaluating an organisation's cyber security knowledge.
We advance a framework leveraging CyBOK, to construct an organisation's knowledge profile.
- Score: 11.934344823380615
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: A cyber security organisation needs to ensure that its workforce possesses the necessary knowledge to fulfil its cyber security business functions. Similarly, where an organisation chooses to delegate their cyber security tasks to a third party provider, they must ensure that the chosen entity possesses robust knowledge capabilities to effectively carry out the assigned tasks. Building a comprehensive cyber security knowledge profile is a distinct challenge; the field is ever evolving with a range of professional certifications, academic qualifications and on-the-job training. So far, there has been a lack of a well-defined methodology for systematically evaluating an organisation's cyber security knowledge, specifically derived from its workforce, against a standardised reference point. Prior research on knowledge profiling across various disciplines has predominantly utilised established frameworks such as SWEBOK. However, within the domain of cyber security, the absence of a standardised reference point is notable. In this paper, we advance a framework leveraging CyBOK, to construct an organisation's knowledge profile. The framework enables a user to identify areas of coverage and where gaps may lie, so that an organisation can consider targeted recruitment or training or, where such expertise may be outsourced, drawing in knowledge capability from third parties. In the latter case, the framework can also be used as a basis for assessing the knowledge capability of such a third party. We present the knowledge profiling framework, discussing three case studies in organisational teams underpinning its initial development, followed by its refinement through workshops with cyber security practitioners.
Related papers
- An Actionable Framework for Understanding and Improving Talent Retention as a Competitive Advantage in IT Organizations [44.342141516382284]
  This work presents an actionable framework for Talent Retention (TR) used in IT organizations.
  Our framework encompasses a set of factors, contextual characteristics, barriers, strategies, and coping mechanisms.
  Our findings indicated that software engineers can be differentiated from other professional groups.
  (2024-02-02T17:08:14Z)
- Requirements for a Career in Information Security: A Comprehensive Review [0.0]
  The primary objective is to increase public awareness regarding the diverse opportunities available in the Information Security (IS) field.
  Thematic analysis was conducted on these studies to identify and delineate the crucial knowledge and skills that an IS professional should possess.
  The study recognizes the existence of gender-related obstacles for women pursuing cybersecurity careers due to the field's unique requirements.
  (2024-01-07T16:41:13Z)
- Cybersecurity Career Requirements: A Literature Review [0.0]
  The research found that a considerable investment in time is necessary for cybersecurity professionals to reach the required technical proficiency.
  It also identified female gender barriers to cybersecurity careers due to the unique requirements of the field.
  (2023-06-16T02:58:29Z)
- Recursively Feasible Probabilistic Safe Online Learning with Control Barrier Functions [60.26921219698514]
  We introduce a model-uncertainty-aware reformulation of CBF-based safety-critical controllers.
  We then present the pointwise feasibility conditions of the resulting safety controller.
  We use these conditions to devise an event-triggered online data collection strategy.
  (2022-08-23T05:02:09Z)
- 'Cyber security is a dark art': The CISO as soothsayer [12.246860992135783]
  Commercial organisations continue to face a growing and evolving threat of data breaches and system compromises.
  Many organisations employ a Chief Information Security Officer (CISO) to lead such a function.
  We conducted in-depth, semi-structured interviews with 15 CISOs and six senior organisational leaders.
  (2022-02-25T15:21:29Z)
- Learning to Be Cautious [71.9871661858886]
  A key challenge in the field of reinforcement learning is to develop agents that behave cautiously in novel situations.
  We present a sequence of tasks where cautious behavior becomes increasingly non-obvious, as well as an algorithm to demonstrate that it is possible for a system to learn to be cautious.
  (2021-10-29T16:52:45Z)
- Direct then Diffuse: Incremental Unsupervised Skill Discovery for State Covering and Goal Reaching [98.25207998996066]
  We build on the mutual information framework for skill discovery and introduce UPSIDE to address the coverage-directedness trade-off.
  We illustrate in several navigation and control environments how the skills learned by UPSIDE solve sparse-reward downstream tasks better than existing baselines.
  (2021-10-27T14:22:19Z)
- Multi Agent System for Machine Learning Under Uncertainty in Cyber Physical Manufacturing System [78.60415450507706]
  Recent advancements in predictive machine learning have led to its application in various use cases in manufacturing.
  Most research focused on maximising predictive accuracy without addressing the uncertainty associated with it.
  In this paper, we determine the sources of uncertainty in machine learning and establish the success criteria of a machine learning system to function well under uncertainty.
  (2021-07-28T10:28:05Z)
- Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
  Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
  We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
  We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
  (2020-10-19T13:09:31Z)
- Knowledge Federation: A Unified and Hierarchical Privacy-Preserving AI Framework [25.950286526030645]
  We propose a comprehensive framework (called Knowledge Federation - KF) to address challenges by enabling AI while preserving data privacy and ownership.
  KF consists of four levels of federation: (1) information level, low-level statistics and computation of data, meeting the requirements of simple queries, searching and simplistic operators; (2) model level, supporting training, learning, and inference; (3) cognition level, enabling abstract feature representation at various levels of abstractions and contexts; (4) knowledge level, fusing knowledge discovery, representation, and reasoning.
  We have developed a reference implementation of KF, called iBond Platform, to offer a production-quality
  (2020-02-05T05:23:35Z)
This list is automatically generated from the titles and abstracts of the papers in this site.