A Cybersecurity Skills Framework

Peter James Fischer (Institute of Information Security Professionals, UK)
Copyright: © 2019 | Pages: 20
DOI: 10.4018/978-1-5225-7847-5.ch011

Abstract

This chapter traces the evolution of cybersecurity skills requirements and development over the past 40 years, from the early days of computer security (Compusec) to the present day. The development of cybersecurity skills is traced from an initial focus upon national security and confidentiality through to the current recognition as a business driver. The main part of the chapter concentrates on the development of a specific skills framework from the Institute of Information Security Professionals. Originally conceived in 2006 and initially used for purposes of membership accreditation, the IISP Skills Framework has since been used extensively by commerce, industry, government and academia in the UK and more widely. Version 2 of the framework was published in 2016, and the chapter discussion outlines both the original structure and the notable changes in the later release. These developments collectively illustrate the ongoing recognition of cybersecurity skills, as well as the evolution of the skills themselves.
Chapter Preview

Background

In this section, we cover cybersecurity perspectives from the 1970s to the early 2000s, showing the changes in skill requirements.

Key Terms in this Chapter

Security Discipline: A collection of skill groups with a common high-level focus (e.g., governance, assurance, etc.).

Skill Level: A scale of six (formerly four) levels defining the level of knowledge, understanding, and practical competence in a cyber security skill.

Cyber Resilience: The ability of an organization to deliver continuously the intended outcome despite adverse cyber events, including the ability to respond holistically to adverse cyber events and to restore regular delivery mechanisms.

Skills Framework: A framework of cyber security skills developed and maintained by the Institute of Information Security Professionals.

Vulnerability Assessment: The assessment of an IT system, infrastructure, or application to identify potential public domain vulnerabilities. Vulnerability assessment differs from penetration testing in that no attempt is made to exploit the identified vulnerabilities.

Threat Intelligence: The collection of intelligence related to cyber security threats to an organization. Sources include open source intelligence, social media intelligence, and the dark web.

Penetration Testing: The assessment of an IT system, infrastructure, or application to identify public domain vulnerabilities and assess the risk of these being exploited.

Skill (Skill Group): The definition of a skill or group of skills against which a cyber security practitioner can be assessed.
