Content Assessment: Building a Cybersecurity Workforce? The European Cybersecurity Skills Framework
Information - 95%
Insight - 94%
Relevance - 92%
Objectivity - 93%
Authority - 95%
A short percentage-based assessment of the qualitative benefit of the recently released publications from the European Union Agency for Cybersecurity (ENISA) on building cybersecurity workforces.
Editor’s Note: From time to time, ComplexDiscovery highlights publicly available or privately purchasable announcements, content updates, and research from cyber, data, and legal discovery providers, research organizations, and ComplexDiscovery community members. While ComplexDiscovery regularly highlights this information, it does not assume any responsibility for content assertions.
To submit recommendations for consideration and inclusion in ComplexDiscovery’s cyber, data, and legal discovery-centric service, product, or research announcements, contact us today.
Background Note: The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe. Established in 2004 and strengthened by the EU Cybersecurity Act, the European Union Agency for Cybersecurity contributes to EU cyber policy, enhances the trustworthiness of ICT products, services, and processes with cybersecurity certification schemes, cooperates with Member States and EU bodies, and helps Europe prepare for the cyber challenges of tomorrow. Through knowledge sharing, capacity building, and awareness-raising, the Agency works together with its key stakeholders to strengthen trust in the connected economy, to boost resilience of the Union’s infrastructure, and, ultimately, to keep Europe’s society and citizens digitally secure.
Designed to contribute to building a competent cybersecurity workforce, the European Cybersecurity Skills Framework was the focus of the recent Cybersecurity Skills Conference organized by ENISA. This new framework may be beneficial for cybersecurity, information governance, and legal discovery professionals seeking to better understand and address cybersecurity threats.
The European Cybersecurity Skills Framework (ECSF)
European Union Agency for Cybersecurity (ENISA)
The European Cybersecurity Skills Framework (ECSF) is the result of the joint effort of ENISA and the ENISA Ad-hoc working group on Cybersecurity Skills Framework.
The aim of the ECSF is to create a common understanding of the relevant roles, competencies, skills, and knowledge; to facilitate cybersecurity skills recognition; and to support the design of cybersecurity-related training programs. It summarises all cybersecurity-related roles into 12 profiles, which are individually analyzed into the details of the responsibilities, skills, synergies, and interdependencies it corresponds to.
The ECSF provides an open European tool to build a common understanding of the cybersecurity professional role profiles and common mappings with the appropriate skills and competencies required.
The framework is complemented by a user manual, which constitutes a practical guide for its utilization, based on examples and use cases. The manual includes three examples for private organizations, that need to hire, upskill and/or reskill their personnel in cybersecurity, along with use cases, which represent the experience of seven organizations using the ECSF in different contexts.
ECSF Goals in Brief
- Use of the ECSF ensures a common terminology and shared understanding between Cybersecurity professional demand (workplace, recruitment) and supply (qualification, training) across the EU.
- The ECSF supports the identification of a critical skill-set required from a workforce perspective. It enables learning providers to support the development of this set and policymakers to support targeted initiatives to mitigate the identified skills gap.
- The framework facilitates the understanding of leading Cybersecurity professional roles and the required essential skills -including soft skills- and sometimes also legislative aspects. In particular, it enables non-experts and HR departments to understand the requirements for cybersecurity-support resource planning, recruitment, and career planning.
- The framework promotes harmonization in cybersecurity education, training, and workforce development. At the same time, this common European language for the cybersecurity skills and roles context connects well with the entire ICT professional domain.
- The ECSF contributes to achieving enhanced shielding against cyber-attacks and ensuring secure IT systems in society. It provides a standard structure and advises on how to implement capacity building within the European cybersecurity workforce.
More Information about the ECSF
The cybersecurity workforce shortage and skills gap are major concerns for both economic development and national security, especially in the rapid digitization of the global economy. Thus, the development of a European Cybersecurity Skills Framework taking into account the needs of the EU and each one of its Member States was an essential step toward Europe’s digital future.
The framework provides a practical tool to support the identification and articulation of tasks, competencies, skills, and knowledge associated with the roles of European cybersecurity professionals. The main purpose of the framework is to create a common understanding between individuals, employers, and providers of learning programs across EU Member States, making it a valuable tool to bridge the gap between the cybersecurity professional workplace and learning environments.
The Framework will strengthen European cybersecurity culture, by providing a common European language across communities, thus making an essential step forward towards Europe’s digital future.
The 12 cybersecurity role profiles defined by the framework provide a common understanding of the main cybersecurity missions, tasks and skills needed in a professional cybersecurity context, making it the perfect reference for profiling skills and knowledge needed by cybersecurity professionals. The framework was designed to be easily understood and comprehensive enough to provide appropriate in-depth cybersecurity insights as well as flexible enough to allow customization based on each user’s needs. By incorporating all stakeholder perspectives, the framework is applicable to all types of organizations and supports the development of all cybersecurity professions.
The framework consists of 2 documents:
- The ECSF Role Profiles Document – Listing the 12 typical cybersecurity professional role profiles along with their identified titles, missions, tasks, skills, knowledge, and competencies.
- The ECSF User Manual Document – Providing guidance and practical examples on how to leverage the framework and benefit from it as an organization, provider of learning programs, or individual.
European Cybersecurity Skills Framework Role Profiles
European Cybersecurity Skills Framework User Manual
- [Annual Update] International Cyber Law in Practice: Interactive Toolkit
- Defining Cyber Discovery? A Definition and Framework
Have a Request?
If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.
ComplexDiscovery is an online publication that highlights cyber, data, and legal discovery insight and intelligence ranging from original research to aggregated news for use by cybersecurity, information governance, and eDiscovery professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding cyber, data, and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.
ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of cyber, data, and legal discovery organizations. Focused primarily on supporting the ComplexDiscovery publication, the company is registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world. The company operates virtually worldwide to deliver marketing consulting and services.