Academic literature on the topic 'Cybersecurity certification'

The Occupational Information Network O*NET is considered the primary source of occupational information in the U.S. I explore here possible uses of O*NET data to inform cybersecurity workforce readiness certification programs. The O*NET database is used to map out education requirements and how they relate to professional certifications as required by employers and job designers in accordance with the National Initiative for Cybersecurity Careers and Studies (NICCS). The search focuses on the “Information Security Analysts” occupation as listed on O*NET, Careeronestop, U.S. Bureau of Labor Statistics (BLS), and finally tied back to NICCS source work role to identify certifications requirements. I found that no site has listed any certification as required, desirable or mandatory. NICCS offered general guidance to potential topics and areas of certification. Careeronestop site provided the ultimate guidance for this role certification. Professional certifications are still not integrated in the Cybersecurity Workforce Framework official guidance.

The workforce demand for cybersecurity professionals has been substantial and fast growing. Qualified cybersecurity professionals with appropriate knowledge, skills, and abilities for various tasks and job roles are needed to perform the challenging work of defending the cyber space. The certified information systems security professional (CISSP) certification is a globally recognized premier cybersecurity credential and validation of qualifications. This case study analyzes the CISSP certification requirements, domains and objectives and attempts to map them to the cybersecurity industry competencies and the US national cybersecurity workforce framework (NCWF). This research is an extended study with full mapping of all CISSP domain areas to the knowledge, skills, and abilities in NCWF. The extended study aims to discover the in-depth value and role of reputable certifications such as CISSP in competency development for cybersecurity workforce. This article also discusses the value and implications of the CISSP certification on cybersecurity education and training.

The object of research is the system and schemes of conformity assessment (certification) of cybersecurity of operational technologies (OT), as a set of rules and procedures that describe the objects of certification, determine the specified requirements and provide a methodology for certification. The terminological base and conceptual apparatus of the study of cybersecurity certification of operational technologies are based on the international standard ISO 17000:2020 Conformity assessment – Vocabulary and general principles. Cybersecurity certification systems and schemes are based on assessment standards, the choice and application of which is not unambiguous and historically has many interpretations and application mechanisms. These standards consist of tools, policies, security concepts, security assurances, guidelines, risk management approaches, best practices, safeguards, and technologies. But they have, to one degree or another, a significant drawback – the complexity of transforming the results of information security assessment according to these standards into security guarantees with any wide international recognition. In the context of globalization, this significantly degrades the cybersecurity quality. The main hypothesis of research is that the cybersecurity quality can be improved by converging towards a common methodology that is based on agreed international standards and international best practice for certification. The question of the key role of cybersecurity for operational technologies, which become the basis for Economy 4.0 and are now considered as a new frontier of cybersecurity, is considered. The need to create a system and schemes for certification of OT cybersecurity based on international and European certification principles is shown. A hierarchical model of cybersecurity certification system assessment standards and a hierarchical model of agreements on mutual recognition of cybersecurity certificates have been developed, which will allow a systematic approach to the creation of a system and schemes for OT cybersecurity certification. This provides an opportunity for developers of systems and certification schemes to form OT cybersecurity certification systems based on the principles of wide cross-border recognition of OT cybersecurity certificates.

Cybersecurity of information and communication technologies (hereinafter - ICT) is a key issue for maintaining the functioning and security of the digital economy and public administration in the soon. An important role in the field of cybersecurity is played by the conformity assessment (certification) of cybersecurity. This may apply to the cybersecurity of ICT components, products, equipment, services and processes, to the cybersecurity of cloud services, to the cybersecurity of technological processes, to personal competence in the field of cybersecurity, and so on. Cybersecurity certification rules, procedures, and management establish a certification scheme, and a set of rules and procedures for managing similar or related conformity assessment schemes form a certification system. Creating cybersecurity certification schemes is a priority and relevant today. There are now a number of systems and assessment standards that can be applied to cybersecurity certification, but they do not ensure mutual recognition of test laboratory test and evaluation procedures and results, and the pursuit of harmonized and comparable cybersecurity assessment and implementation procedures. This situation is a global problem. Accordingly, the current legislation of Ukraine in the field of cybersecurity sets tasks for the application of the best international and European principles of conformity assessment of information and cybersecurity. The creation of cybersecurity certification systems and schemes based on international and European principles of conformity assessment requires appropriate scientific and methodological support. The article proposes a hierarchical model of assessment standards for the cybersecurity certification system and a hierarchical model of agreements on mutual recognition of cybersecurity certificates. Also, in the article, based on these models, the basics of the Cyber Security Certification System and Cyber Security Certification Schemes for ICT products and cloud services are proposed, with an emphasis on such elements as: assessment standards; accreditation of certification bodies; mutual recognition of certification results

Wannacry Ransomware epidemics have attacked several high-profile companies in European Union creating an EU-wide cybersecurity crisis in the digital economy and social order. In response, European Union established an appropriate regulation in cybercrime namely The Cybersecurity Act. The Act as an international regime does not only gives a permanent mandate that strengthens European Union Agency for Network and Information Security (ENISA) but also establishes The EU Cybersecurity Certification Scheme in order to increase cybersecurity and build cyber resilience in the European Union Digital Single Market. This paper investigates how does the Cybersecurity Act as a business law in maintaining cybersecurity aspect on the European Union Digital Single Market through the theory of neoliberal institutionalism as a framework of thinking. After a series of conduction of literature reviews, this research argues that The Cybersecurity Act would be an appropriate regulation in dealing with the cybersecurity crisis in the digitalized market order. The standardization in The EU Cybersecurity Certification Scheme regulated by The Cybersecurity Act would improve cybersecurity and build cyber resilience in the European Union Digital Single Market.

This study aims to analyze and examine the influence of internal auditor certification, risk assessment, and the role of senior management on the effectiveness of cybersecurity for internal auditors who have experience in cybersecurity and information technology. This research method is a quantitative method, data analysis uses structural equation modeling (SEM) with SmartPLS 3.0 software tools. The population of this study is internal auditors who have experience in cybersecurity and information technology. The sample for this study was 480 respondents who were determined by the snowball sampling method. The research data was obtained from an online questionnaire which was distributed via social media. The questionnaire was designed using a Likert scale of 1 to 5. The stages of data analysis were validity test, reliability test and significance test. The results of this study indicate that internal auditor certification has a positive effect on cybersecurity effectiveness, risk assessment has a positive effect on cybersecurity effectiveness, and the role of senior management has a positive effect on cybersecurity effectiveness.

Abstract Cybersecurity Maturity Model Certification (CMMC) 2.0 represents the most recent iteration of the US Department of Defense's cybersecurity regulations. The CMMC 2.0 framework was developed to improve the cybersecurity posture of defense contractors and their supply chain, including heat treaters. This article reviews key requirements and how DoD contractors can prepare for compliance.

The increased reliance on commercial satellites for military operations has made it essential for the Department of Defense (DoD) to adopt a supply chain framework to address cybersecurity threats in space. This paper presents a satellite supply chain framework, the Cybersecurity Supply Chain (CSSC) Framework, for the DoD in the evaluation and selection of commercial satellite contracts. The proposed strategy is informed by research on cybersecurity threats to commercial satellites, national security concerns, current DoD policy, and previous cybersecurity frameworks. This paper aims to provide a comprehensive approach for safeguarding commercial satellites used by the DoD and ensuring the security of their supporting components. Inspired by the National Institute of Standards and Technology (NIST) 800-171 requirements and the DoD’s future Cybersecurity Maturity Model Certification (CMMC) process, the two-part framework significantly streamlines the NIST requirements to accommodate small businesses. It also extends key NIST requirements to commercial-off-the-shelf (COTS) suppliers. The CSSC Framework complements the CMMC certification process by addressing the need for cybersecurity requirements for all subcontractors supporting a commercial space asset. The framework incorporates a scoring process similar to CMMC scoring, granting points to a subcontractor for meeting the cybersecurity requirements outlined by the framework. In addition, the framework creates a space architecture overview that details the overall bid score and establishes a matrix based on individual requirements. This model and matrix allow DoD acquisition personnel to closely analyze each contract bid, comparing the subcontractor's strengths and weaknesses to other bidders. The CSSC Framework will allow the DoD to apply NIST standards to subcontractors who do not meet the requirements for CMMC certification.

As of the beginning of 2021, a set of new requirements has been introduced by the International Maritime Organization (IMO), necessitating established rules and measures about the cybersecurity of the ship’s systems. That is to ensure a certain level of cybersecurity onboard, as well as re-occurring training of onboard staff, is required, to maintain cybersecurity measures. That leads to a new vector of postgraduate certification and namely – ships’ system cybersecurity and cybersecurity management. Its purpose is to provide the necessary knowledge and skills, related to fulfilling the requirements of the IMO. This paper examines some aspects of education and training of the ship’s crew regarding cybersecurity.

У дисертації здійснено цілісний порівняльний аналіз професійної підготовки майбутніх магістрів з кібербезпеки в університетах Великої Британії з метою запозичення прогресивних ідей досвіду для впровадження окремих його елементів у вітчизняну освітню практику. Обґрунтування нових концептуальних підходів до вдосконалення професійної підготовки магістрів з кібербезпеки потребує в контексті інтеграції України до європейського освітньо-інформаційного простору ретельної уваги до результатів наукових пошуків і прогностичних ідей зарубіжного досвіду, зокрема Великої Британії. Схарактеризовано стан дослідження проблеми професійної підготовки магістрів з кібербезпеки в психолого-педагогічній літературі, обґрунтовано залежність розвитку кібербезпекової політики від рівня професійної компетентності фахівців із кібербезпеки. З’ясовано, що зовнішня та внутрішня безпека держави, захист інтересів і здоров’я її громадян, особистої інформації залежать від якісної й ефективної діяльності інституцій і структур, які надають послуги з інформаційної безпеки, тобто від професійної компетентності фахівців із кібербезпеки. Проаналізовані вимоги міжнародних організацій («ENISA», «IMPACT», «OSCE», «NSA») до професійної діяльності та підготовки фахівців із кібербезпеки відображено у формулюванні цілей, конкретизації змісту, форм, методів і технологій професійної підготовки магістрів з кібербезпеки, в обґрунтуванні їхніх професійних компетентностей у кіберпросторі. Зафіксовано напрями кібербезпекової політики у Великій Британії: узгодженість критеріїв глобального індексу кібербезпеки та сприяння досягненню основних цілей і концептуальних рамок «Програми глобальної кібербезпеки»; створення платформи для кібербезпеки різних секторів економіки; розроблення спеціальних інформаційних систем і технологій, окремих програмних продуктів; активний розвиток державно-приватного партнерства щодо обміну інформацією про кіберзагрози, управління кіберінцидентами, розроблення галузевих стандартів та рамкових програм кібербезпеки з представниками бізнесу, науки й громадськості; запровадження системи сертифікації компаній та фахівців; залучення бізнесу до фінансування університетських освітніх програм у сфері кібербезпеки та створення спеціальних центрів обміну досвідом. На підставі аналізу законодавчої бази в галузі кібербезпеки Великої Британії підсумовано, що вона є доволі складною та дуже швидко змінюється. Відповідно до професійних стандартів, визначено мету підготовки магістрів з кібербезпеки, яка полягає в поглибленні фахових знань (розуміння ключових понять, принципів, технологій і практики), розвитку професійних навичок та методологічних умінь із питань кібербезпеки. Описано особливості організації освітнього процесу підготовки магістрів в університетах Великої Британії. Унаслідок опрацювання навчальних планів й освітніх програм провідних університетів Великої Британії зроблено висновок, що змістовий компонент органічно поєднує фундаментальну, фахову, науково-дослідницьку й практичну підготовку, сприяючи задоволенню перспективних кар’єрних можливостей і науково-професійному зростанню в галузі кібербезпеки. З’ясовано, що практична підготовка магістрів – обов’язковий компонент змісту програм, що передбачає різні форми (стажування, інтернатура, участь у наукових і міжнародних проектах, волонтерство, менторство, робота з партнерами). Виявлено, що підвищення якості професійної підготовки магістрів з кібербезпеки в університетах Великої Британії досягають завдяки використанню інтерактивних форм, методів та технологій навчання. Застосування інноваційних методів і технологій навчання спрямоване передовсім на вдосконалення результатів навчання магістрів, розвиток мотивації до навчання, удосконалення практичного досвіду. З’ясовано, що особливу увагу зосереджено на розвитку проектних умінь у виконанні дослідницької діяльності. Також підготовка магістрів передбачає професійне та наукове стажування, що є органічною частиною освітньої програми та працевлаштування. Магістрантам пропонують, зокрема, допомогу в розробленні резюме, у розвитку навичок співбесіди тощо. Досліджено сучасний стан підготовки магістрів з кібербезпеки в закладах вищої освіти України, виконано порівняльно-педагогічний аналіз особливостей професійної підготовки магістрів з кібербезпеки у Великій Британії та Україні. На підставі вивчення досвіду Великої Британії обґрунтовано науково-методичні рекомендації щодо вдосконалення професійної підготовки магістрів з кібербезпеки в ЗВО України за такими рівнями: стратегічний; організаційний; змістовий; технологічний. Наукова новизна одержаних результатів полягає в тому, що: уперше виявлено організаційно-дидактичні особливості професійної підготовки магістрів з кібербезпеки в університетах Великої Британії (вільний вибір індивідуальної освітньої траєкторії для кар’єрного просування на засадах інтеграції й диверсифікації освітніх програм, сертифікації професійної кваліфікації; стандартизація та міждисциплінарність змісту, професійна й дослідницька спрямованість, узгодженість із вимогами та потребами кіберполітики; прикладний характер освітніх програм; високий рівень організації самостійного дослідження й пошуково-дослідницької діяльності; інноваційність та інтерактивність форм, методів і технологій навчання); виконано порівняльно-педагогічний аналіз професійної підготовки магістрів з кібербезпеки в університетах Великої Британії й України; окреслено можливості імплементації конструктивних ідей британського досвіду для вдосконалення професійної підготовки магістрів з кібербезпеки в університетах України; удосконалено змістове й навчально-методичне забезпечення для професійної підготовки магістрів з кібербезпеки в університетах України (розроблено авторський спецкурс); набули подальшого розвитку положення щодо сутнісних характеристик і змістового наповнення поняття «професійна підготовка магістрів з кібербезпеки» та його інтерпретації відповідно до зарубіжної й української семантики; стосовно сучасних тенденцій розвитку ІТ-освіти в умовах формування глобальногокібербезпечного простору. Практичне значення роботи засвідчує підготовка науково-методичних рекомендацій «Професійна підготовка магістрів з кібербезпеки: досвід Великої Британії», де обґрунтовано шляхи використання прогресивних ідей британського досвіду для модернізації професійної підготовки майбутніх магістрів з кібербезпеки в Україні. Основні положення, теоретичні висновки, джерельну базу дослідження варто залучати під час розроблення освітніх стандартів підготовки магістрів з кібербезпеки, спецкурсів і спецсемінарів для підготовки майбутніх фахівців ІТ-галузі, удосконалення організації професійної підготовки майбутніх фахівців із кібербезпеки в Україні.
The thesis presents a comprehensive comparative analysis of professional training of Masters in Cybersecurity at UK universities to implement innovative aspects of such experience in the Ukrainian system of education. The justification of new conceptual approaches to improving professional training of Masters in Cybersecurity should pay special attention to the results of scientific research and prognostic ideas of the international experience, in particular, that of the UK, in the context of Ukraine’s integration into the European Higher Education Area. The thesis describes the coverage of professional training of Masters in Cybersecurity in the psycho-pedagogical literature and justifies the dependence of the development of cybersecurity policy on the level of professional competency of specialists in cybersecurity. It specifies that both the external and internal security of the state, as well as the protection of interests, health and personal information of its citizens, depends on high-quality activities of institutions and organizations providing information security services, that is on professional competency of specialists in cybersecurity. It analyzes the requirements of international organizations (“ENISA”, “IMPACT”, “OSCE”, “NSA”) for professional activities and training of specialists in cybersecurity which are reflected in the formulation of goals, the specification of the content, forms, methods and technologies of professional training of Masters in Cybersecurity, as well as in the justification of their professional competencies in cyberspace. It singles out the following areas in the UK cybersecurity policy: the coherence of criteria of the Global Cybersecurity Index (GCI) and the promotion of the main goals and conceptual frameworks of the Global Cyber Security Programme; the creation of a platform for the cybersecurity of different sectors of the economy; the development of special information systems and technologies, as well as separate software products; the active establishment of public-private partnerships on cyber-threat information sharing and cybersecurity incident management; the elaboration of cybersecurity industry-standards and framework programmes with business, science and the public; the introduction of a certification system for companies and specialists; the involvement of business in financing degree programmes in Cybersecurity; the establishment of special centres for sharing experience. The analysis of regulatory documents in the field of cybersecurity in the UK shows that it is somewhat complicated and changes rapidly. According to professional standards, the goals of masters programmes on Cybersecurity include consolidating professional knowledge (understanding key concepts, principles, technologies and practices) and developing professional and methodological skills in cybersecurity. Also, the thesis describes the characteristics of the educational process in the context of masters training at UK universities. The study of degree programmesand curricula of the leading UK universities shows that the content of such training organically combines fundamental, professional, research and practical training, contributing to the pursuit of career prospects and scientific and professional growth of cybersecurity. The thesis clarifies that practical training of masters training is a compulsory component of the content of masters programmes, which involves various forms (internships, participation in scientific and international projects, volunteering, mentoring, working with partners). It finds that the quality of masters programmes on Cybersecurity at UK universities is enhanced by using interactive teaching forms, methods and technologies. It must be noted that the use of innovative teaching methods and technologies is primarily aimed at improving the results of masters training, boosting motivation towards learning and enhancing practical experience. Particular attention is paid to the development of project skills while conducting research. Masters training also includes professional and research internship, which is an organic part of degree programmes and employment. Students can be offered to assist in creating a CV and developing interviewing skills. Finally, the thesis explores the current conditions of masters programmes on Cybersecurity at Ukrainian universities and presents a comparative pedagogical analysis of the peculiarities of professional training of Masters in Cybersecurity in the UK and Ukraine. The study of the UK experience has made it possible to justify scientific and methodological recommendations for improving professional training of Masters in Cybersecurity at Ukrainian universities at the strategic, organizational, content-related and technological levels. The scientific value of the obtained results is as follows: for the first time, the organizational and didactic peculiarities of professional training of Masters in Cybersecurity at UK universities (a free choice of an individual educational trajectory for career advancement based on the integration and diversification of degree programmes and the certification of professional qualifications; the standardized and interdisciplinary content of professional training; professional and research focus; the consistency with the requirements and needs of cyber policy; an applied nature of degree programmes; a high level of independent research and research activities; innovative and interactive forms, methods and technologies of teaching and learning) have been revealed; professional training of Masters in Cybersecurity at UK and Ukrainian universities has been comparatively and pedagogically analyzed; the possibilities of implementing innovative ideas of the UK experience with the aim to improve professional training of Masters in Cybersecurity at Ukrainian universities have been outlined; the content and the instructional-and-methodological support of professional training of Masters in Cybersecurity at Ukrainian universities have been improved (the author’s specialized course has been developed); the statements on the essential characteristics and the content of the concept of “masters training in Cybersecurity” and its interpretation in accordance with the international and Ukrainian semantics, as well as on current trends in the development of IT education under the conditions of creating global cybersecurity space, have been further developed. The practical value of the obtained results can be proved by the author’s instructional-and-methodological recommendations, titled “Professional Training of Masters in Cybersecurity: the UK Experience”, which justify the ways of using innovative ideas of the UK experience to update professional training of Masters in Cybersecurity in Ukraine. The main principles, theoretical conclusions and sources of this research should be included in the development of education standards on professional training of Masters in Cybersecurity, specialized courses and special seminars on professional training of IT specialists, as well as in the improvement of professional training of future specialists in cybersecurity in Ukraine.

A tecnologia tem um papel importante na nossa vida privada, nas empresas e nos Estados a nível global. Dependemos da tecnologia para comunicar, trabalhar, para as atividades sociais, saúde, energia, transportes e para inovar de forma mais ecológica. Desde 1985 que começaram a ser formuladas políticas e iniciativas europeias de cibersegurança, inicialmente como soluções para melhorar a economia, progressivamente, como uma forma de proteger as infraestruturas críticas, e com uma abordagem abrangente e coesa que envolve também cibercriminalidade, inovação tecnológica e ciberdefesa. Tendo em conta o novo regulamento de cibersegurança, que entrou em vigor em 2019, com o objetivo de aumentar o nível de cibersegurança europeu e evitar a fragmentação do mercado interno dos sistemas de certificação diversos, o objetivo desta dissertação é analisar que impactos podemos identificar na sua implementação e quais os contributos para a construção do projeto europeu de cibersegurança para lá de ser apenas uma ferramenta de harmonização do mercado interno. Para tal, iremos utilizar o método de implementação de política de Sabatier e Mazmanian (1983), dado o regulamento de cibersegurança ser de adesão voluntária e dependente de incentivos estatais. O estudo de caso alemão é apresentado como exemplo.
Technology has an important role in our private lives, business and states at a global level. We rely on technology to communicate, to work, for social activities, health, energy, transportation and to innovate in a green way. Since 1985 the European Union started to formulate initiatives and cybersecurity policy, in the beginning as a solution to enhance the economy, after was as a way to protect critical infrastructures and as a broad and cohesive way that involves ciber criminality, technological innovation and cyber defense. The creation of the new Cybersecurity Act, which entered into force in 2019, has the objectives of increasing the level of European cybersecurity and to avoid the fragmentation of the European market from the large number of certification schemes. It is the objective of this dissertation to analyze the impacts that the Cybersecurity Act will have in its implementation and what contribution will it have in the construction of the European cybersecurity project and not just being a tool to harmonize the market. For this reason, we will use the policy implementation method from Sabatier and Mazmanian (1983), because the Cybersecurity Act is of voluntary adherence and it depends on national incentives. We also present Germany as a case study example.

AbstractAVENUE’s technological interest lies in those state-of-the-art technologies and solutions that either are already commercial or close to the market and are expected to reach commercialisation within the following years. For the successful implementation of the project activities, a wide range of technological as well as non-technological elements will be employed, adapted, integrated, and, where required, partially developed. The present chapter focuses on those connected automated vehicle (CAV) technologies from the perspective of cybersecurity, delving into questions on in-vehicle, back-end, and infrastructure, including the communications between vehicle to vehicle (V2V), vehicle to infrastructure (V2I), vehicle to cloud (V2C), vehicle to everything (V2X), software safety, as well as security and privacy by design principles for the development of connected devices. Furthermore, non-technological issues cover stakeholder and user acceptance, regulatory and legislative requirements, a new standardisation progress, ethical considerations, and vehicle and technology certifications and licensing. The purpose of this chapter is to present the project context and relating it to the potential cyber assaults and data privacy threats. It further delineates the conducted assessment and the provided recommendations which were built based on the key standards and regulations wrapping together CAVs, cybersecurity, and personal data protection pursuits.

The chapter looks at the burgeoning field of certification for individuals in the field of information security or cybersecurity. Individual information security certifications cover a wide range of topics from the deeply technical to the managerial. These certifications are used as a visible indication of an individual's status and knowledge, used to define experience and status, used in job descriptions and screening, and may define expectations placed on the individual. This chapter examines how these certifications are produced, the subjects they cover, and how they integrate and the various audiences to which the certifications are aimed. The role, the perceived and real value, and benefits of certification within the field of information security both from an individual and an organizational perspective are discussed. Finally, some conclusions on certification are presented.

The chapter looks at the burgeoning field of certification for individuals in the field of information security or cybersecurity. Individual information security certifications cover a wide range of topics from the deeply technical to the managerial. These certifications are used as a visible indication of an individual's status and knowledge, used to define experience and status, used in job descriptions and screening, and may define expectations placed on the individual. This chapter examines how these certifications are produced, the subjects they cover, and how they integrate and the various audiences to which the certifications are aimed. The role, the perceived and real value, and benefits of certification within the field of information security both from an individual and an organizational perspective are discussed. Finally, some conclusions on certification are presented.

The workforce demand for cybersecurity professionals has been substantial and fast growing. Qualified cybersecurity professionals with appropriate knowledge, skills, and abilities for various tasks and job roles are needed to perform the challenging work of defending the cyber space. The certified information systems security professional (CISSP) certification is a globally recognized premier cybersecurity credential and validation of qualifications. This case study analyzes the CISSP certification requirements, domains and objectives and attempts to map them to the cybersecurity industry competencies and the US national cybersecurity workforce framework (NCWF). This research is an extended study with full mapping of all CISSP domain areas to the knowledge, skills, and abilities in NCWF. The extended study aims to discover the in-depth value and role of reputable certifications such as CISSP in competency development for cybersecurity workforce. This article also discusses the value and implications of the CISSP certification on cybersecurity education and training.

The Cybersecurity Curricular Guidelines, a joint effort of the ACM, IEEE Computer Society, AIS SIGSAC, and IFIP WG 11.8, were created to provide developers of cybersecurity curricula with guidelines for material to include. The curricular guidelines have eight knowledge areas, broken down into knowledge units and topics. Underlying cross-cutting concepts provide linkages among the knowledge areas. Disciplinary lenses enable the developer to emphasize the knowledge units appropriate to the goals of the developed curricula. Each knowledge area also includes a list of essential concepts that all curricula should cover to an appropriate depth. The guidelines can be linked to workforce frameworks and certification criteria as well as academic curricula.