Structuring a Cybersecurity Curriculum for Non-IT Employees of Micro- and Small Enterprises

What is it about?

Micro- and Small Enterprises (MSE) and the persons working there are often neglected in policies and initiatives concerning cybersecurity and data privacy. Communication strategies are targeting IT-departments or IT-specialists - most MSEs have neither. The Horizon 2020 project GEIGER wants to address this problem by providing a cybersecurity monitoring solution that can be used by IT-laypersons. In addition to an easy-to-use software tool focusing on the monitoring of imminent cyber threats GEIGER develops an Education Ecosystem, which approaches this target groups at different levels: from regular employees, who cannot or don’t want to extensively deal with cybersecurity, to designated persons (internal or external), who are made responsible for monitoring the functioning of GEIGER in a company. To take full account of this, the competence level of individuals and their development are part of the data structure of the GEIGER monitoring. Hence, it also includes automated recommendations to follow certain training sequences included in GEIGER or from other sources. To define the different levels of competence in cybersecurity, i.e. also their development, to propose adequate learning objectives and design pertinent learning materials, GEIGER has elaborated a curriculum.

Featured Image

Why is it important?

The structure of this curriculum follows the conditions and requirements given by the general situation of security threats and learning scenarios in MSEs. It has three main dimensions: ‘levels’ that reflect the competence development within MSE-specific learning environments; ‘pillars’ that reflect the GEIGER-specific topical differentiation in general cybersecurity as well as handling and communicating GEIGER functions; object ‘layers’ that reflect specific cybersecurity threats as they appear for the IT-lay target groups in MSEs.

Perspectives