A Framework for Mapping Organisational Workforce Knowledge Profile in Cyber Security
- URL: http://arxiv.org/abs/2406.03322v1
- Date: Wed, 5 Jun 2024 14:34:37 GMT
- Title: A Framework for Mapping Organisational Workforce Knowledge Profile in Cyber Security
- Authors: Lata Nautiyal, Awais Rashid
- Abstract summary: Building a comprehensive cyber security knowledge profile is a distinct challenge.
There has been a lack of a well-defined methodology for evaluating an organisation's cyber security knowledge.
We advance a framework leveraging CyBOK, to construct an organisation's knowledge profile.
- Score: 11.934344823380615
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: A cyber security organisation needs to ensure that its workforce possesses the necessary knowledge to fulfil its cyber security business functions. Similarly, where an organisation chooses to delegate their cyber security tasks to a third party provider, they must ensure that the chosen entity possesses robust knowledge capabilities to effectively carry out the assigned tasks. Building a comprehensive cyber security knowledge profile is a distinct challenge; the field is ever evolving with a range of professional certifications, academic qualifications and on-the-job training. So far, there has been a lack of a well-defined methodology for systematically evaluating an organisation's cyber security knowledge, specifically derived from its workforce, against a standardised reference point. Prior research on knowledge profiling across various disciplines has predominantly utilised established frameworks such as SWEBOK. However, within the domain of cyber security, the absence of a standardised reference point is notable. In this paper, we advance a framework leveraging CyBOK, to construct an organisation's knowledge profile. The framework enables a user to identify areas of coverage and where gaps may lie, so that an organisation can consider targeted recruitment or training or, where such expertise may be outsourced, drawing in knowledge capability from third parties. In the latter case, the framework can also be used as a basis for assessing the knowledge capability of such a third party. We present the knowledge profiling framework, discussing three case studies in organisational teams underpinning its initial development, followed by its refinement through workshops with cyber security practitioners.
Related papers
- What Skills Do Cyber Security Professionals Need? [10.615987702194944]
The increasing number of cyber-attacks has elevated the importance of cybersecurity for organizations.
Many individuals are looking to enter the field of cybersecurity.
However, there is a lack of clear understanding of the skills required for a successful career in this field.
(2025-02-19T12:10:53Z)
- Open Problems in Machine Unlearning for AI Safety [61.43515658834902]
Machine unlearning -- the ability to selectively forget or suppress specific types of knowledge -- has shown promise for privacy and data removal tasks.
In this paper, we identify key limitations that prevent unlearning from serving as a comprehensive solution for AI safety.
(2025-01-09T03:59:10Z)
- SoK: Unifying Cybersecurity and Cybersafety of Multimodal Foundation Models with an Information Theory Approach [58.93030774141753]
Multimodal foundation models (MFMs) represent a significant advancement in artificial intelligence.
This paper conceptualizes cybersafety and cybersecurity in the context of multimodal learning.
We present a comprehensive Systematization of Knowledge (SoK) to unify these concepts in MFMs, identifying key threats.
(2024-11-17T23:06:20Z)
- An Actionable Framework for Understanding and Improving Talent Retention as a Competitive Advantage in IT Organizations [44.342141516382284]
This work presents an actionable framework for Talent Retention (TR) used in IT organizations.
Our framework encompasses a set of factors, contextual characteristics, barriers, strategies, and coping mechanisms.
Our findings indicated that software engineers can be differentiated from other professional groups.
(2024-02-02T17:08:14Z)
- Requirements for a Career in Information Security: A Comprehensive Review [0.0]
The primary objective is to increase public awareness regarding the diverse opportunities available in the Information Security (IS) field.
Thematic analysis was conducted on these studies to identify and delineate the crucial knowledge and skills that an IS professional should possess.
The study recognizes the existence of gender-related obstacles for women pursuing cybersecurity careers due to the field's unique requirements.
(2024-01-07T16:41:13Z)
- Cybersecurity Career Requirements: A Literature Review [0.0]
The research found that a considerable investment in time is necessary for cybersecurity professionals to reach the required technical proficiency.
It also identified female gender barriers to cybersecurity careers due to the unique requirements of the field.
(2023-06-16T02:58:29Z)
- Recursively Feasible Probabilistic Safe Online Learning with Control Barrier Functions [60.26921219698514]
We introduce a model-uncertainty-aware reformulation of CBF-based safety-critical controllers.
We then present the pointwise feasibility conditions of the resulting safety controller.
We use these conditions to devise an event-triggered online data collection strategy.
(2022-08-23T05:02:09Z)
- 'Cyber security is a dark art': The CISO as soothsayer [12.246860992135783]
Commercial organisations continue to face a growing and evolving threat of data breaches and system compromises.
Many organisations employ a Chief Information Security Officer (CISO) to lead such a function.
We conducted in-depth, semi-structured interviews with 15 CISOs and six senior organisational leaders.
(2022-02-25T15:21:29Z)
- Direct then Diffuse: Incremental Unsupervised Skill Discovery for State Covering and Goal Reaching [98.25207998996066]
We build on the mutual information framework for skill discovery and introduce UPSIDE to address the coverage-directedness trade-off.
We illustrate in several navigation and control environments how the skills learned by UPSIDE solve sparse-reward downstream tasks better than existing baselines.
(2021-10-27T14:22:19Z)
- Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
(2020-10-19T13:09:31Z)
This list is automatically generated from the titles and abstracts of the papers in this site.