The provision of greater emphasis on cybersecurity topics including security-by-design and privacy-by-design in university curricula

Certain cybersecurity topics have not attracted the attention they deserve in university curricula. Some of these cyber topics will have broad applicability in the near future.

Security-by-Design and Privacy-by-Design

Security-by-design seeks to minimise the flaws in a system that could compromise its security. This is possible only by integrating security into the entire developmental lifecycle of a system, including specification, design, testing and deployment. This knowledge topic is becoming more relevant with rapidly evolving fields, such as autonomous vehicles and the Internet of Things (IoT). For example, using only the current security model, where safety and security vulnerabilities are addressed (or fixed or patched) when they are found, one cannot produce an autonomous vehicle that is certain to be as safe and secure as possible from the start.

Privacy-by-design or privacy-as-default means “data protection through technology design”, and this is only possible when privacy is considered and integrated into the technology when it is created. This has become more relevant in the context of big data analytics, where privacy has become a serious concern due to the extensive collection and processing of personal information. Therefore, it is of the utmost importance to teach students this knowledge and provide them with these skills, so that future systems will be less vulnerable to security attacks than at present and are able to fulfil privacy obligations.

System Retirement

The development of public IT systems is often based on calls for tender and contracts offered for a limited time period only, in which case there is a major security risk when data is migrated from an old system, with its own security enforcement mechanisms, to a new system with different mechanisms. Therefore, universities should prepare students with the knowledge and skills to avoid or mitigate such incompatibilities between two different systems.

Security Operations and Personal Security

Organisational security topics, such as operational and personal security, are also inadequately covered by university curricula. These topics relate to the overall security posture of an organisation. For example, operational security involves the detection and analysis of cybersecurity incidents using a combination of technology solutions and a strong set of processes to generate an appropriate response. Similarly, personal security helps employees to become accustomed to good security practices and raise their security awareness. Therefore, IT graduates, who may need to take up these kinds of responsibilities, should not be left with inadequate knowledge and skills to carry out their tasks.

For more detailed insights:

Target audience:

  • European Commission (DG CNECT)
  • ENISA