Examining the efficacy of cybersecurity education at Swedish universities : A qualitative inquiry through interviews

Behzadi, Bahareh

January 2024

In today's digital landscape, information technologies (IT) serve as strategic assets for organizations, underscoring the critical role of cybersecurity in safeguarding valuable assets and preserving organizational competitiveness. Cybersecurity practices aim to protect information systems from unauthorized access, data breaches, and cyber threats. Yet, cybersecurity experts face significant challenges in addressing evolving threats, necessitating continuous investment in IT systems and software. Moreover, the complexity of technology ecosystems exacerbates cybersecurity risks. To address these challenges, organizations hire individuals for specific cybersecurity roles, emphasizing the importance of cybersecurity education and training. By aligning with established frameworks like the European Cybersecurity Skills Framework (ECSF), educational programs can prepare students for diverse cybersecurity roles. This research investigates how Swedish universities align their cybersecurity program content with ECSF roles, aiming to enhance cybersecurity education and workforce development. The study utilized two data collection methods to address the research question. Firstly, information on course content was gathered from the websites of universities offering cybersecurity programs. A qualitative framework-based analysis was then conducted to map each course to the defined roles in the ECSF framework. A total of 91 compulsory course contents from 11 cybersecurity programs across various uni-versities were analyzed, excluding optional courses due to student choice variability. Additionally, seven semi-structured interviews were conducted with course coordinators from these programs. These interviews aimed to gather insights from individuals who play a significant role in shaping the educational curriculum at universities. The examination of cybersecurity courses in Swedish universities, aligned with the European Cybersecurity Education and Professional Training Minimum Reference Curriculum framework, provides insights into the educational environment. Despite variations, every role specified in the ECSF framework is addressed by at least one course in Swedish universities, ensuring students receive education. However, specialized courses such as 'Cybersecurity for Artificial Intelligence (AI)' and 'Machine Learning Security' are limited to only one university, indicating the necessity for wider implementation across institutions. Results of interviews revealed the lack of standardized frameworks guiding the design and evaluation of cybersecurity programs at Swedish universities, alongside limited awareness among stakeholders. This highlights the challenges hindering program adaptability in today’s evolving landscape, including faculty recruitment issues and a lack of industry collaboration. Moreover, the absence of systematic assessment methods for program effectiveness underscores a critical area for future exploration.

Cybersecurity educational programs

European cybersecurity skills framework

systematic assessment

role-based education

Information Systems, Social aspects