Would cybersecurity professionalization help address the cybersecurity crisis?

Burley, Diana; Eisenberg, Jon; Goodman, Seymour E.

doi:10.1145/2556936

Cited by 24 publications

(17 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, this has to be undertaken at the right pace and not necessarily at the same time for all occupations [2], and existing standard and certification bodies should be rationalised into a single professional body per discrete occupation [14].…”

Section: Related Workmentioning

confidence: 99%

“…Research strands that seek to address this topic have focused on industry professionalisation [2], competency requirements [3], [4], and the design of training programmes [5], [6], with a particular emphasis on the role of competitive events, such as Capture The Flag (CTF) competitions [7], [8], [9], [10]. One core area that has remained unaddressed, however, is a focus on the approaches to assess competency within cyber security qualifications.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

All That Glitters Is Not Gold: On the Effectiveness of Cybersecurity Qualifications

et al. 2017

View full text Add to dashboard Cite

Abstract-There has been a proliferation of industry-focused cyber security qualifications, which use different techniques to assess the competencies of cyber security professionals and certify them to employers. There is, however, a lingering question about these qualifications: do they effectively assess the competencies of cyber security professionals? 74 cyber security qualifications were analysed to determine how competency assessment is performed in practice, and five distinct techniques were identified together with the frequency of their use within qualifications. These techniques formed the basis of a large-scale survey of the perceptions of 153 industry stakeholders on the effectiveness of individual techniques and their cost-effectiveness as combinations. Despite a perceived low effectiveness of Multiple Choice Examinations, industry qualifications were found to rely on it heavily, often as a sole technique, and few qualifications utilised the cost-effective combinations identified by stakeholders.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

All That Glitters Is Not Gold: On the Effectiveness of Cybersecurity Qualifications

et al. 2017

View full text Add to dashboard Cite

show abstract

“…Whilst we saw above that this reticence is common, it has arguably hindered professional recognition since there is no clear single certification to recognise as a standard (Furnell, 2004;Tate et al, 2008;Schultz, 2005). Without a common body of knowledge, there cannot be a unified professional identity (Everett, 2011;Burley et al, 2014). And yet professional identity is clearly the aim of many such schemes, which often require both an examination and a qualifying period of experience.…”

Section: 5mentioning

confidence: 99%

“…In the US, the Department of Homeland Security [DoHS] (2012) is also active in developing "cyber skills" however the National Research Council [NRC] (2013) appears more cautious than the UK Government towards formal professionalisation. Alongside noting the effects of artificially manipulating labour markets, it cites the lack of a single body of knowledge to define such a profession (Burley et al, 2014). Yet references are already commonly made to information security "professionals" and a number of credentials exist to certify this professional status.…”

Section: Introductionmentioning

confidence: 99%

“…The study examines their basic concept of "profession", alongside their attitude to professional status as a motivator and the value of certification. In addition, it investigates practitioner perspectives towards the heterogeneity of professional identity noted by Burley et al (2014) and others, examining whether those who implement technical controls and those who manage, educate, instil a security culture and issue policies represent a single occupation.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

The professionalisation of information security: Perspectives of UK practitioners

Reece

Stahl

2015

Computers & Security

View full text Add to dashboard Cite

Measuring the accuracy of software vulnerability assessments: experiments with students and professionals

et al. 2020

View full text Add to dashboard Cite

Assessing the risks of software vulnerabilities is a key process of software development and security management. This assessment requires to consider multiple factors (technical features, operational environment, involved assets, status of the vulnerability lifecycle, etc.) and may depend from the assessor's knowledge and skills. In this work, we tackle with an important part of this problem by measuring the accuracy of technical vulnerability assessments by assessors with different level and type of knowledge. We report an experiment to compare how accurately students with different technical education and security professionals are able to assess the severity of software vulnerabilities with the Common Vulnerability Scoring System (v3) industry methodology. Our results could be useful for increasing awareness about the intrinsic subtleties of vulnerability risk assessment and possibly better compliance with regulations. With respect to academic education, professional training and human resources selections our work suggests that measuring the effects of knowledge and expertise on the accuracy of software security assessments is feasible albeit not easy.

show abstract

Would cybersecurity professionalization help address the cybersecurity crisis?

Abstract: Evaluating the trade-offs involved in cybersecurity professionalization.

Cited by 24 publications

References 0 publications

All That Glitters Is Not Gold: On the Effectiveness of Cybersecurity Qualifications

All That Glitters Is Not Gold: On the Effectiveness of Cybersecurity Qualifications

The professionalisation of information security: Perspectives of UK practitioners

Measuring the accuracy of software vulnerability assessments: experiments with students and professionals

Contact Info

Product

Resources

About