Information security education based on job profiles and the e-CF

The information security field requires standardised education. This could be based on generic job profiles and a standard competence framework. The question is whether this is possible and feasible. To find out, the author did a case study: developing an information security master curriculum based on a generic PVIB job profile and the underlying competence framework e-CF.

The research is a case study, using Design Science. Starting point is the specification of the learning goals for a cybersecurity master curriculum, using a generic PvIB job profile and the underlying competence framework e-CF. The curriculum has subsequently been developed, using backward design. Thereafter, the curriculum has been submitted for accreditation to test the successfulness of the approach.

A generic job profile and a competence framework such as the e-CF support the development of standardised education. The generic PVIB job profile used works well. The e-CF can be useful, but requires modifications and the introduction of sub-competences. However, the main complaint concerning the e-CF is the use of examples instead of mandatory content.

Competence frameworks are available to formulate job descriptions, and are also suited for developing standardised education. Little research has been done on this. This case study shows that a competence framework is a useful tool for developing standardised education, although the e-CF may not be the most appropriate.