The more interconnected our world becomes, the greater the need to protect it. Cybercrime issues span across the globe nowadays and organizations are working diligently to combat it. Experts have implemented security frameworks that can span across multiple countries and industries. These frameworks often drive global cyber directives for organizations that funnel down to their workforce development.
That means global cyber directives can have a direct impact on the learning industry when it comes to training, development and continuing education. Many directives set the standard for frameworks that individuals must learn while upskilling in IT and cybersecurity roles.
We’ll discuss the security frameworks that drive global cyber initiatives, developing curriculum based on these frameworks and how organizations can successfully implement diverse learning experiences across the globe.
Security Frameworks That Drive Global Cyber Directives
Global cybersecurity initiatives have the same goal of protecting and safeguarding systems from emerging threats. Worldwide, countries are required to adhere to international laws aimed at protecting consumer data privacy, such as the European Union’s (EU) General Data Protection Regulation (GDPR). While the GDPR directly affects countries within the EU, countries that conduct business with nations in the EU are also held to the fines and penalties associated with the law.
Within the greater global cybersecurity industry, there are several frameworks that are used in many countries to drive cyber directives for their region. These frameworks are often developed in correlation with cybersecurity legislation to ensure organizations are implementing effective security measures to protect their infrastructure from attacks. For example, organizations in the United States build their cyber initiatives under frameworks like National Institute of Standards and Technology (NIST) and National Initiative for Cybersecurity Education (NICE). However, other countries are implementing their own directives to ensure their cyber initiatives apply to their region and industries.
Established in 2022, the European Cybersecurity Skills Framework (ECSF) was created and implemented to provide a common understanding of cybersecurity role profiles within Europe. This framework also provides a common mapping for professionals with the appropriate skills and competences required.
“This new framework is linked heavily to the NICE framework but with a bit of a UK defense spin on it,” said Neil Key, cyber operations manager, MOD, during a session at the CompTIA EMEA Member and Partner Conference. “It is designed to match the requirements based on the build performance assessments written on the job and training analysis.”
This shows that throughout the world, multiple frameworks can help support more positive cyber directives for training and job placement for candidates. Although multiple frameworks can create challenges to the learning and development industry, they can also promote more industry-specific training.
Developing Curriculum Based on Global Initiatives
When new frameworks and updates are introduced to security practitioners, it can create challenges for curriculum developers. For example, why do some organizations choose one learning framework over another? Key says it boils down to what will work best in your sector.
For instance, curriculum based around risk management are best suited to follow NIST or ECSF for high-risk industries. These industries can include critical infrastructures that are required to adhere to regulations like GDPR. Therefore, the learning and development for these sectors require different competencies and skill development.
“The ECSF ensures that everyone shares the same perspective of cybersecurity roles and skills regardless of geographical and sector-specific barriers,” said Fabio Di Franco, cybersecurity officer, ENISA. “It provides the basis on which organizations, educational institutions and individuals can align their efforts and strategies, promoting a stronger cybersecurity ecosystem. This allows organizations to harmonize their practices with industry standards, learning providers to create curriculum customized for specific skills and individuals to gain valuable insights to bridge skills gaps.”
Frameworks such as the ECSF and NIST are often designed on a broader range. Other frameworks are more specific. The Skills Framework for the Information Age (SFIA), for example, focuses on cloud security skills. If this is not an established business need, this framework will not be necessary and training and development for that sector may not include it.
Managed services providers (MSPs) are another example. MSPs can adopt multiple frameworks to ensure they are able to support clients across a variety of industries. This could drive their training initiatives to closing skills gaps across multiple frameworks and industries.
Implementing Diverse Learning Experiences Globally
When it comes to implementing diverse learning experiences, the organizations that build curriculum for practitioners throughout the security industry should take the lead. It becomes the task of these organizations to implement curriculum plans that support several industries and frameworks in order to ensure they are upskilling people to fill cyber job vacancies. In order to accomplish that, many learning and development organizations build multiple security frameworks into their curriculum.
It's also important for these institutions to ensure that professionals understand the basics of security and how to apply that knowledge to these frameworks. Cybersecurity practitioners will be more successful adhering to frameworks like NIST, the ECSF and GDPR if they understand why these laws exist and how they work.
In addition to the knowledge behind global cyber directives, experts must also emphasize the need for hands-on skills.
“Labs for skills are very popular to prove your skill set because we're talking about skills, competencies and technical labs – instances where not everyone needs technical expertise,” said Di Franco. “Maybe there is governance and compliance with other kinds of expertise, like more communication skills. This is where an apprenticeship is one way that people can get involved with the lab.”
We are more connected on a global scale than ever before. We need to band together to combat international cybercrime. One way to do that is to ensure that the learning industry develops a curriculum that can provide a multi-framework approach to ensure that cybersecurity professionals have a solid knowledge base and understand these processes.
