Prog.PhD STI
Adm. – Grad.2018 – 
Dir.; Codir.Stéphane Gagnon; Raul Valverde

Implementing information technologies with an ontology of cybersecurity professional skills

Léger, Marc-André

Problem: Standards of professional cybersecurity skills are numerous and complex. They are difficult to integrate and exploit for talent management in organizations. We propose to take advantage of the Business Technology Management (BTM) to facilitate the integration of skills repositories, proprietary standards, and open standards. 

Methodology: Using an Action Design research methodology, we propose to develop and test an innovative ontology of cybersecurity professional skills for talent management of large organizations, specifically in the financial services industry in Canada. Our open collaborative development lifecycle involves a community of experts.

Contributions: We focus on three main deliverables:

• First, we present how the ontology will be built, in the second we present how the ontology is mapped to our subject domain and, finally, in the third article we build and validate the ontology, as presented in the first article:  Ontology engineering methodology for cybersecurity requirements in Business Technology Management (BTM).

• Second, following what was proposed in the first article, we will create the ontology using OWL Protégé corresponding with the requirements of a large Canadian financial institution aligned with the National Cybersecurity Workforce Framework (NCWF) (NIST) from the National Initiative for Cybersecurity Education (NICE) by the National Institute of Science and Technology (NIST). This work is presented in the second article: Ontology alignment between cybersecurity competency reference models and the requirements of large financial institutions.

• Third, we will look at the opportunity of using the ontology to help a large Canadian financial institution in the management of cybersecurity talent: Cybersecurity ontology as a rules-based competency management system in financial institutions.

Outcome: This study should contribute to improve information security and risk management performance in the field of Business technology Management and Cybersecurity. A better understanding of the competency needs of financial institutions will help to reduce vulnerabilities associated to the human factor caused by gaps in competencies, knowledge, skills, and abilities as well as the talent shortage. The human factor remains the biggest security hole in organizations and solutions are lagging. By creating a tool that will help to match individuals, competencies, competency frameworks, organizational requirements, and obligations, we can significantly impact the effectiveness of risk management activities and the efficiency of cybersecurity.