Browse > Article
http://dx.doi.org/10.13089/JKIISC.2020.30.6.1167

A Proposal of Cybersecurity Technical Response Job Competency Framework and its Applicable Model Implementation  

Hong, Soonjwa (Cyber Security Training and Exercise Center)
Park, Hanjin (The Affiliated Institute of ETRI)
Choi, Younghan (Cyber Security Training and Exercise Center)
Kang, Jungmin (Cyber Security Training and Exercise Center)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.30, no.6, 2020 , pp. 1167-1187 More about this Journal
Abstract
We are facing the situation where cyber threats such as hacking, malware, data leakage, and theft, become an important issue in the perspective of personal daily life, business, and national security. Although various efforts are being made to response to the cyber threats in the national and industrial sectors, the problems such as the industry-academia skill-gap, shortage of cybersecurity professionals are still serious. Thus, in order to overcome the skill-gap and shortage problems, we propose a Cybersecurity technical response Job Competency(CtrJC) framework by adopting the concept of cybersecurity personnel's job competency. As a sample use-case study, we implement the CtrJC against to personals who are charged in realtime cybersecurity response, which is an important job at the national and organization level, and verify the our framework's effects. We implement a sample model, which is a CtrJC against to realtime cyber threats (We call it as CtrJC-R), and study the verification and validation of the implemented model.
Keywords
Cybersecurity Competency; AMCJT; CtrJC; CtrJC-R;
Citations & Related Records
Times Cited By KSCI : 4  (Citation Analysis)
연도 인용수 순위
1 McKinsey Digital, "Risk and responsibility in a hyperconnected world", Jan. 2014. Accessed Nov. 2020. https://www.mckinsey.com/business-functions/mckinsey-digital/our-insights/risk-and-responsibility-in-a-hyperconnected-world-implications-for-enterprises
2 Global Cyber Security Centre, "Cybersecurity Capacity Maturity Model for Nations (CMM) Revised Edition", Mar. 2016. accessed Nov. 2010. https://gcscc.ox.ac.uk/the-cmm
3 Rafael Dean Brown, "Towards a Qatar Cybersecurity Capability Maturity Model with a Legislative Framework" Jornal of International Review of Law, Vol. 2018 No. 4, Mar. 2018. DOI https://doi.org/10.29117/irl.2018.0036   DOI
4 US Department of Energy, "Cybersecurity Capability Maturity Model (C2M2) Program". Accessed Nov. 2020. https://www.energy.gov/ceser/energy-security/cybersecurity-capability-maturity-model-c2m2-program
5 NIST, "Cybersecurity Framework Version 1.1". Accessed Nov. 2020. https://www.nist.gov/cyberframework/framework
6 NIST, "Framework for Improving Critical Infrastructure Cybersecurity Version 1.1", Apr. 2018.
7 H. S Venter and J. H. PE loff, "A taxonomy for information security technologies", Computers & Security Volume 22, Issue 4, pp. 299-307, May 2003.   DOI
8 Language Technologies Institute of Carnegie Mellon University, "Cybersecurity Taxonomy". accessed Nov. 2020. http://www.cs.cmu.edu/-dklaper/cybersecurity/website/
9 David Klaper, Eduard Hendrik Hovy, "A taxonomy and a knowledge portal for cybersecurity", Proceedings of the 15th Annual International Conference on Digital Government Research, pp. 79-85, June 2014.
10 Vrije Universteit Brussel, "Taxonomy of Security Products, Systems and Services.", Deliverable 1.2 CRISP project, Apr. 2014. accessed Nov. 2020. https://www.trilateralresearch.com/wp-content/uploads/2018/09/CRISP-D1.2-Taxonomy-of-Security-Products-Systems-Services_REVISED.pdf
11 Javidan, M. "Core competence: What Does it Mean in Practice?", Long Range Planning, 31(1), pp. 60-71. Feb. 1988. https://doi.org/10.1016/S0024-6301(97)00091-5   DOI
12 European Commission, Joint Research Centre(JRC), "A Proposal for a European Cybersecurity Taxonomy", 2019. accessed Nov. 2020. https://publications.jrc.ec.europa.eu/repository/bitstream/JRC118089/taxonomy-v2.pdf
13 Kyoo-wang Kyeong, "A Study on the Performance-based job Analysis Method based on NCS", Doctorial Thesis of Graduate School of Korea National University of Transportation, pp. 8-9, Dec. 2018.
14 Lee, Min Kyung, "A Study on Improvement of Project Competency for Small IT Companise through SWOT-AHP Analysis", Master's Thesis of Hanayang University, pp 5-6, Aug. 2018.
15 The Korean Association For Regional Information Society, Development of job analysis techniques for efficient organization management, Prism of Ministry of the Interior and Safety, pp. 5-6, Dec. 2008. accessed Nov. 2020.
16 Younghan Choi, Insook Jang, Inteck Whoang, Taeghyoon Kim, Soonjwa Hong, Insung Park, Jinsoek Yang, Yeongjae Kwon, Jungmin Kang, "Design and Implementation of Cyber Range for Cyber Defense Exercise Based on Cyber Crisis Alert", Journal of the Korea Institute of Information Security & Cryptology 30(5), pp. 805-821, Oct. 2020.   DOI
17 The NATO Cooperative Cyber Defence Centre of Excellence, "Locked Shields," accessed Nov. 2020. https://ccdcoe.org/exercises/locked-shields/
18 NIST, SP 800-181, "National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework", Aug. 2017,
19 Oltsik, J. "The cybersecurity skills shortage is getting worse". ESG Blogs, 10 Jan. 2019. Accessed Nov. 2020. www.esg-global.com/blog/the-cybersecurity-skills-shortage-is-getting-worse
20 (ISC)2, "Strategies for building and growing strong cyber security teams: (ISC)2 Cybersecurity Workforce Study", 2019. Accessed Nov. 2020. https://www.isc2.org/Research/2019-Cybersecurity-Workforce-Study
21 Cyberseek, "cyberseek", https://www.cyberseek.org/ accessed Nov. 2020.
22 ENISA, "Cybersecurity Skills Development in the EU", 26 Mar. 2019.
23 Soonjwa Hong, "A Study on the Framework of Comparing New Cybersecurity Workforce Development Policy Based on the ATE Programs of U.S.", Journal of the Korea Institute of Information Security & Cryptology 28(1), pp. 249-267, Feb. 2018.   DOI
24 Korea Information Security Industry Association, "Survey on Information Security", Jan. 2020.
25 Korea Information Security Industry Association, "Survey for Information Security Industry in Korea: Year 2019", Dec. 2019.
26 Risto Hansen, "Cyber security capability assessment", Master's Thesis of Tallinn University of Technology, Nov. 2016.
27 PwC & Iron Mountain, "Beyond Cyber Threats: Europe's First Information Risk Maturity Index" Mar. 2012.