A proposal for a Cybersecurity Skills Certification Framework : CONCORDIA

A proposal for a Cybersecurity Skills Certification Framework

How the existence of a Cybersecurity Skills Certification Framework will help the market and what if the connection to the European Cybersecurity Skills Framework?

One of the main directions of the work performed by the CONCORDIA project is cybersecurity related education and training. Other posts such as [[1], [2], [3]] have already explained the process and the different activities already performed by the project on this subject. The purpose of this blog is to present the final results of the activities related to the certification of skills.

In the CONCORDIA Methodology for the creation and deployment of new courses and/or teaching materials for cybersecurity professionals the value and importance of certification of skills has been underlined and described as complimentary and essential to the education process. At the same time, various studies[4],[5] show that skills certifications are important for professionals and organizations alike and as actions to help address the cybersecurity skills gap.

One of the problems brought forth by the feasibility study conducted by the project, was the great number of skills certifications, some of them having almost the same name but offering little assistance in comparing or identifying if they fit the needs and career ambitions of the individuals. To tackle this issue, the project team decided

to implement a cybersecurity skills certification scheme and pilot it, in order to gather best practices and
to present the extracted best practices in a proposal for a Cybersecurity Skills Certification Framework.

For the Role of the Cybersecurity Consultant, the project has already implemented over the last 2 years three iterations of the exams process and is currently preparing for organizing the fourth one. The feedback collected from the participants and the lessons learned helped us finalizing the C³ by CONCORDIA Certification Scheme [link] and fed further the more generic Skills Certification Framework.

The Cybersecurity Skills Certification Framework describes (at a higher level) the adjustments that should be made on an ISO 17024 compliant certification process and resulting certification schemes, to better fit the specificities of cybersecurity skills domain. Specifically, the document includes a number of requirements and information split into the basic certification principles:

Impartiality (8 requirements),
Responsiveness (5 requirements),
Confidentiality (8 requirements),
Responsibility (5 requirements) and
Competence (18 requirements).

it should be pointed out that one of the first requirements of the proposed Cybersecurity Skills Certification Framework, is the mandate to design Certification Schemes on the basis of established and recognized Role Profiles, with explicit reference to the ones proposed by ENISA[6].

By adopting a common European Cybersecurity Skills Certification Framework, different organizations (certification bodies) realizing Cybersecurity Skills Certification Schemes will share a common baseline of processes and activities, thus producing comparable certificates in the market.

In this way professionals will have a clear understanding on which skills and knowledge are being validated through each certification scheme and to which Role profile these correspond to. The same value can be also identified by HR professionals who need to hire individuals that possess the appropriate skills and knowledge to perform the allocated tasks effectively.

The Cybersecurity Skills Certification Framework can be found at https://www.concordia-h2020.eu/wp-content/uploads/2022/12/CONCORDIA_Certification_Framework_1.0.pdf and we welcome any comments at argyro.chatzopoulou@tuv.at.

[1] https://www.concordia-h2020.eu/wp-content/uploads/2020/06/CONCORDIA-SkillsFeasibilityStudy-forpublication.pdf

[2] https://www.concordia-h2020.eu/wp-content/uploads/2020/07/CONCORDIAWorkshoponEducation2020-forpublication.pdf

[3] https://www.concordia-h2020.eu/wp-content/uploads/2021/07/Pilot_Course_BCSC_Report_Final.pdf

[4] https://www.isaca.org/go/state-of-cybersecurity-2022

[5] https://www.isc2.org/Research/Workforce-Study

[6] https://www.enisa.europa.eu/topics/cybersecurity-education/european-cybersecurity-skills-framework/ecsf-profiles-v-0-5-draft-release.pdf

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

A proposal for a Cybersecurity Skills Certification Framework

Our site saves cookies on your device in order to deliver better content. By browsing our website you grant us the permission to store that information on your device.