Competency-based cybersecurity training and awareness: a systematic literature review

Formación y concienciación en ciberseguridad basada en competencias: una revisión sistemática de literatura

Abstract

The ability of an organization to face threats and to overcome vulnerabilities in cybersecurity depends to a large extent on the level of training and awareness of its personnel and consequently on the existence of a competency framework that identifies the indicators in training awareness required for each job.
This article offers a systematic review of the literature to explore the use of competency models when developing training and awareness programs in cybersecurity aimed at non-technical personnel in organizations.
An examination of the literature shows that, although there is a high number of studies that address cybersecurity training and awareness, research related to competency models for non-specialized personnel is significantly scarce, methodologies have not evolved significantly, and the few skills models available incorporate job profiles in a limited way.
As a result, and with the aim to advance the knowledge in this particular field, this article presents a model based on competencies for non-ICT personnel which includes the configuration of training and awareness plans according to job profiles, thus incorporating into the general map of competencies of organizations the necessary cybersecurity competencies.