{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,20]],"date-time":"2026-04-20T19:02:11Z","timestamp":1776711731602,"version":"3.51.2"},"reference-count":61,"publisher":"Emerald","issue":"5","license":[{"start":{"date-parts":[[2021,8,24]],"date-time":"2021-08-24T00:00:00Z","timestamp":1629763200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2021,11,12]]},"abstract":"\nPurpose<\/jats:title>\nThe purpose of this paper can be encapsulated in the following points: identify the research papers published on the topic: competencies and skills necessary for critical infrastructure (CI) cyber-security (CS) protection; determine main focus areas within the identified literature and evaluate the dependency or lack thereof between them: make recommendations for future research.<\/jats:p>\n<\/jats:sec>\n\nDesign\/methodology\/approach<\/jats:title>\nThis study is based on a systematic literature review conducted to identify scientific papers discussing and evaluating competencies, skills and essential attributes needed by the CI workforce for CS and preparedness to attacks and incidents.<\/jats:p>\n<\/jats:sec>\n\nFindings<\/jats:title>\nAfter a comparative analysis of the articles reviewed in this study, a variety of skills and competencies was found to be necessary for CS assurance in CIs. These skills have been grouped into four categories, namely, technical, managerial, implementation and soft skills. Nonetheless, there is still a lack of agreement on which skills are the most critical and further research should be conducted on the relation between specific soft skills and CS assurance.<\/jats:p>\n<\/jats:sec>\n\nResearch limitations\/implications<\/jats:title>\nInvestigation of which skills are required by industry for specific CS roles, by conducting interviews and sending questionnaire\\surveys, would allow consolidating whether literature and industry requirements are equivalent.<\/jats:p>\n<\/jats:sec>\n\nPractical implications<\/jats:title>\nFindings from this literature review suggest that more effort should be taken to conciliate current CS curricula in academia with the skills and competencies required for CS roles in the industry.<\/jats:p>\n<\/jats:sec>\n\nOriginality\/value<\/jats:title>\nThis study provides a previously lacking current mapping and review of literature discussing skills and competencies evidenced as critical for CS assurance for CI. The findings of this research are useful for the development of comprehensive solutions for CS awareness and training.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-07-2020-0121","type":"journal-article","created":{"date-parts":[[2021,8,23]],"date-time":"2021-08-23T04:57:26Z","timestamp":1629694646000},"page":"697-723","source":"Crossref","is-referenced-by-count":31,"title":["Key competencies for critical infrastructure cyber-security: a systematic literature review"],"prefix":"10.1108","volume":"29","author":[{"given":"Nabin","family":"Chowdhury","sequence":"first","affiliation":[]},{"given":"Vasileios","family":"Gkioulos","sequence":"additional","affiliation":[]}],"member":"140","published-online":{"date-parts":[[2021,8,24]]},"reference":[{"issue":"4","key":"key2021111012414923000_ref050","doi-asserted-by":"publisher","DOI":"10.1108\/K-12-2014-0283","article-title":"A systematic review of approaches to assessing cybersecurity awareness","volume":"44","year":"2015","journal-title":"Kybernetes."},{"issue":"3","key":"key2021111012414923000_ref001","doi-asserted-by":"crossref","first-page":"183","DOI":"10.1016\/j.techsoc.2010.07.001","article-title":"An overview of social engineering malware: trends, tactics, and implications","volume":"32","year":"2010","journal-title":"Technology in Society"},{"issue":"1","key":"key2021111012414923000_ref003","doi-asserted-by":"publisher","DOI":"10.1108\/JSIT-02-2018-0028","article-title":"Human factor security: evaluating the cybersecurity capacity of the industrial workforce","volume":"21","year":"2019","journal-title":"Journal of Systems and Information Technology"},{"key":"key2021111012414923000_ref004","first-page":"169","article-title":"Human capability evaluation approach for cyber security in critical industrial infrastructure","volume-title":"Advances in Human Factors in Cybersecurity","year":"2016"},{"issue":"1","key":"key2021111012414923000_ref005","doi-asserted-by":"crossref","first-page":"12","DOI":"10.1109\/MITP.2011.6","article-title":"Enhancing the cybersecurity workforce","volume":"13","year":"2011","journal-title":"IT Professional"},{"key":"key2021111012414923000_ref006","first-page":"24","article-title":"Cybersecurity and the critical infrastructure: looking beyond the perimeter","volume":"3","year":"2006","journal-title":"Information Systems Control Journal"},{"issue":"3\/4","key":"key2021111012414923000_ref007","first-page":"279","article-title":"Assessing individuality in learning: the learning skills profile","volume":"11","year":"1991","journal-title":"Educational Psychology"},{"key":"key2021111012414923000_ref008","first-page":"1115","article-title":"Human performance in cybersecurity: a research agenda","volume-title":"Proceedings of the Human Factors and Ergonomics Society Annual Meeting","year":"2011"},{"key":"key2021111012414923000_ref009","unstructured":"Carlton, M. (2016), \u201cDevelopment of a cybersecurity skills index: a scenarios-based, hands-on measure of non-IT professionals' cybersecurity skills\u201d, Doctoral dissertation, Nova Southeastern University."},{"key":"key2021111012414923000_ref010","article-title":"The role of user computer self-eficacy, cybersecurity countermeasures awareness, and cybersecurity skills inuence on computer misuse","volume-title":"Proceedings of the Pre-International Conference of Information Systems (ICIS) SIGSEC \u2013 Workshop on Information Security and Privacy (WISP)","year":"2013"},{"key":"key2021111012414923000_ref011","unstructured":"Chris, D. (2015), \u201cPreventing cyberattacks and data breaches via employee awareness training and phishing simulations\u201d, schneiderdowns. February, available at: www.schneiderdowns.com\/our-thoughts-on\/"},{"issue":"23","key":"key2021111012414923000_ref012","doi-asserted-by":"crossref","first-page":"31","DOI":"10.19101\/IJACR.2016.623006","article-title":"Cybersecurity: risks, vulnerabilities and countermeasures to prevent social engineering attacks","volume":"6","year":"2016","journal-title":"International Journal of Advanced Computer Research"},{"key":"key2021111012414923000_ref013","first-page":"1","article-title":"Evaluating and improving cybersecurity capabilities of the energy critical infrastructure","volume-title":"2015 IEEE International Symposium on Technologies for Homeland Security (HST)","year":"2015"},{"key":"key2021111012414923000_ref014","unstructured":"Davis, J. (2020), \u201cRansomware, phishing attacks compromised half US orgs in 2019\u201d, Ed. By Healthysecurity.com. [Online; posted 28-January-2020]. January, available at: https:\/\/healthitsecurity.com\/news\/ransomware-phishing-attacks-compromised-half-us-orgs-in-2019"},{"key":"key2021111012414923000_ref015","doi-asserted-by":"publisher","first-page":"744","DOI":"10.3389\/fpsyg.2018.00744","article-title":"The future cybersecurity workforce: going beyond technical skills for successful cyber performance","volume":"9","year":"2018","journal-title":"Frontiers in Psychology"},{"issue":"17","key":"key2021111012414923000_ref016","doi-asserted-by":"crossref","first-page":"4667","DOI":"10.1002\/sec.1657","article-title":"Human behaviour as an aspect of cybersecurity assurance","volume":"9","year":"2016","journal-title":"Security and Communication Networks"},{"key":"key2021111012414923000_ref017","volume-title":"A Human Capital Crisis in Cybersecurity: Technical Proficiency Matters","year":"2010"},{"key":"key2021111012414923000_ref018","first-page":"1754","article-title":"A proposed Australian industrial control system security curriculum","volume-title":"2013 46th HI International Conference on System Sciences","year":"2013"},{"key":"key2021111012414923000_ref063","article-title":"A survey on intrusion detection and prevention systems","year":"2014"},{"key":"key2021111012414923000_ref019","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1109\/W-FiCloud.2016.30","article-title":"A survey on network security monitoring systems","volume-title":"2016 IEEE 4th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW)","year":"2016"},{"key":"key2021111012414923000_ref020","doi-asserted-by":"crossref","first-page":"345","DOI":"10.1016\/j.cose.2017.11.015","article-title":"Correlating human traits and cyber security behavior intentions","volume":"73","year":"2018","journal-title":"Computers & Security"},{"key":"key2021111012414923000_ref021","article-title":"Malaysia's national cyber security policy: the country's cyber defense initiatives","year":"2011"},{"key":"key2021111012414923000_ref022","article-title":"Mastering the cyber security skills crisis: realigning educational outcomes to industry requirements","year":"2017"},{"issue":"2","key":"key2021111012414923000_ref023","first-page":"33","article-title":"Holistically building the cybersecurity workforce","volume":"10","year":"2011","journal-title":"IEEE Security and Privacy Magazine"},{"key":"key2021111012414923000_ref024","volume-title":"Advances in Cyber Security: Technology, Operation, and Experiences","year":"2013"},{"key":"key2021111012414923000_ref025","first-page":"127","article-title":"A survey of critical infrastructure security","volume-title":"Critical Infrastructure Protection VIII","year":"2014"},{"key":"key2021111012414923000_ref026","unstructured":"Igor, N.F., Neisse, R., Lazari, A. and Ruzzante, G.-L. (2018), Cybersecurity Competence Survey, doi: 10.2760\/42369, available at: https:\/\/ec.europa.eu\/jrc\/en\/publication\/european-cybersecurity-centre-expertise-cybersecurity-competence-survey"},{"key":"key2021111012414923000_ref027","unstructured":"IRM (2015), \u201cAmateyrs attack technology. Professional hackers target people\u201d, available at: www.irmplc.com, www.irmplc.com\/issues\/human-behaviour"},{"key":"key2021111012414923000_ref028","first-page":"124","article-title":"Is The NICE Cybersecurity Workforce Framework (NCWF) Effective For A Workforce Comprised Of Interdisciplinary Majors?","year":"2018"},{"issue":"5","key":"key2021111012414923000_ref029","doi-asserted-by":"crossref","first-page":"973","DOI":"10.1016\/j.jcss.2014.02.005","article-title":"A survey of emerging threats in cybersecurity","volume":"80","year":"2014","journal-title":"Journal of Computer and System Sciences"},{"issue":"3","key":"key2021111012414923000_ref030","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3152893","article-title":"The core cyber-defense knowledge, skills, and abilities that cybersecurity students should learn in school: results from interviews with cybersecurity professionals","volume":"18","year":"2018","journal-title":"ACM Transactions on Computing Education ( Education)"},{"key":"key2021111012414923000_ref031","doi-asserted-by":"crossref","first-page":"52","DOI":"10.1016\/j.ijcip.2015.02.002","article-title":"A survey of cyber security management in industrial control systems","volume":"9","year":"2015","journal-title":"International Journal of Critical Infrastructure Protection"},{"key":"key2021111012414923000_ref032","year":"2018"},{"key":"key2021111012414923000_ref033","article-title":"Information security awareness and behavior: a theory-based literature review","volume-title":"Management Research Review","year":"2014"},{"key":"key2021111012414923000_ref034","first-page":"71","article-title":"An interdisciplinary approach to educating an effective cyber security workforce","volume-title":"Proceedings of the 2013","year":"2013"},{"key":"key2021111012414923000_ref035","doi-asserted-by":"publisher","first-page":"262","DOI":"10.1016\/j.cose.2018.03.011","article-title":"A review of standards with cybersecurity requirements for smart grid","volume":"77","year":"2018","journal-title":"Computers and Security"},{"issue":"3","key":"key2021111012414923000_ref036","doi-asserted-by":"crossref","first-page":"1","DOI":"10.4018\/jicte.2005070101","article-title":"A case study of management skills comparison in online and on-campus MBA programs","volume":"1","year":"2005","journal-title":"International Journal of Information and Communication Technology Education (IJICTE)"},{"key":"key2021111012414923000_ref037","first-page":"1782","article-title":"Developing a critical infrastructure and control systems cybersecurity curriculum","volume-title":"2013 46th HI International Conference on System Sciences","year":"2013"},{"key":"key2021111012414923000_ref038","first-page":"1","article-title":"Ten national cyber security strategies: a comparison","volume-title":"International Workshop on Critical Information Infrastructures Security","year":"2011"},{"issue":"1","key":"key2021111012414923000_ref039","doi-asserted-by":"crossref","first-page":"23","DOI":"10.1080\/15332861.2010.487415","article-title":"Inuence of awareness and training on cyber security","volume":"9","year":"2010","journal-title":"Journal of Internet Commerce"},{"key":"key2021111012414923000_ref040","first-page":"516","article-title":"Enabling practical experimentation in cybersecurity training","year":"2017"},{"key":"key2021111012414923000_ref041","first-page":"1","article-title":"On building cybersecurity expertise in critical infrastructure protection","volume-title":"2015 IEEE International Symposium on Technologies for Homeland Security (HST)","year":"2015"},{"key":"key2021111012414923000_ref042","first-page":"181","article-title":"National initiative for cybersecurity education (NICE) cybersecurity workforce framework","volume":"800","year":"2017","journal-title":"NIST special publication"},{"key":"key2021111012414923000_ref043","unstructured":"NISTIR (2014), \u201cNISTI7628 7628 rev. 1 guidelines for smart grid cybersecurity\u201d, National Institute of Standards and Technology, available at: https:\/\/csrc.nist.gov\/publications\/detail\/nistir"},{"key":"key2021111012414923000_ref044","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1016\/j.cose.2015.10.002","article-title":"Analysis of personal information security behavior and awareness","volume":"56","year":"2016","journal-title":"Computers and Security"},{"key":"key2021111012414923000_ref045","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.1954824","article-title":"A guide to conducting a systematic literature review of information systems research","volume":"10","year":"2010","journal-title":"SSRN Electronic Journal"},{"key":"key2021111012414923000_ref046","first-page":"26","article-title":"Towards a human factors ontology for cyber security","year":"2015","journal-title":"STIDS"},{"issue":"5","key":"key2021111012414923000_ref047","doi-asserted-by":"crossref","first-page":"673","DOI":"10.1016\/j.cose.2012.04.004","article-title":"Taxonomy of compliant information security behavior","volume":"31","year":"2012","journal-title":"Computers and Security"},{"issue":"3","key":"key2021111012414923000_ref048","doi-asserted-by":"crossref","first-page":"76","DOI":"10.1109\/MSP.2012.73","article-title":"NICE: creating a cybersecurity workforce and aware public","volume":"10","year":"2012","journal-title":"IEEE Security and Privacy Magazine"},{"key":"key2021111012414923000_ref049","first-page":"67","article-title":"What skills do you need to work in cyber security? A look at the Australian market","year":"2015"},{"key":"key2021111012414923000_ref051","doi-asserted-by":"crossref","first-page":"7","DOI":"10.1145\/2380790.2380793","article-title":"Mapping the cyber security terrain in a research context","volume-title":"Proceedings of the 1st annual conference on Research in Information Technology","year":"2012"},{"key":"key2021111012414923000_ref052","doi-asserted-by":"crossref","first-page":"177","DOI":"10.1016\/j.cose.2015.01.002","article-title":"Personality, attitudes, and intentions: predicting initial adoption of information security behavior","volume":"49","year":"2015","journal-title":"Computers and Security"},{"key":"key2021111012414923000_ref053","doi-asserted-by":"publisher","first-page":"98","DOI":"10.11610\/isij.2808","article-title":"Cyber security of safety-critical infrastructures: a case study for nuclear facilities","volume":"28","year":"2012","journal-title":"Information and Security: An International Journal"},{"key":"key2021111012414923000_ref054","doi-asserted-by":"crossref","first-page":"43","DOI":"10.1145\/2808006.2808038","article-title":"Cyber education: a multi-level, multi-discipline approach","volume-title":"Proceedings of the 16th Annual Conference on Information Technology Education","year":"2015"},{"key":"key2021111012414923000_ref055","doi-asserted-by":"crossref","first-page":"194","DOI":"10.1145\/3197091.3197123","article-title":"Enhancing cybersecurity skills by creating serious games","volume-title":"Proceedings of the 23rd Annual ACM Conference on Innovation and Technology in Computer Science Education","year":"2018"},{"key":"key2021111012414923000_ref056","first-page":"1","article-title":"Cyber security training a survey of serious games in cyber security","volume-title":"2017 IEEE Frontiers in Education Conference (FIE)","year":"2017"},{"key":"key2021111012414923000_ref057","first-page":"1","article-title":"An example of a cybersecurity education model","volume-title":"2019 29th Annual Conference of the European Association for Education in Electrical and Information Engineering (EAEEIE)","year":"2019"},{"key":"key2021111012414923000_ref058","first-page":"13","article-title":"Analyzing the past to prepare for the future: writing a literature review","year":"2002"},{"key":"key2021111012414923000_ref059","doi-asserted-by":"publisher","first-page":"101636","DOI":"10.1016\/j.cose.2019.101636","article-title":"Cyber ranges and security testbeds: scenarios, functions, tools and architecture","volume":"88","year":"2020","journal-title":"Computers and Security"},{"issue":"4","key":"key2021111012414923000_ref060","doi-asserted-by":"crossref","first-page":"998","DOI":"10.1109\/SURV.2012.010912.00035","article-title":"A survey on cyber security for smart grid communications","volume":"14","year":"2012","journal-title":"IEEE Communications Surveys & Tutorials"},{"key":"key2021111012414923000_ref062","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1016\/j.ijcip.2016.02.003","article-title":"Evaluating the readiness of cyber first responders responsible for critical infrastructure protection","volume":"13","year":"2016","journal-title":"International Journal of Critical Infrastructure Protection"}],"container-title":["Information & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-07-2020-0121\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-07-2020-0121\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:04Z","timestamp":1753406584000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/29\/5\/697-723\/105737"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,8,24]]},"references-count":61,"journal-issue":{"issue":"5","published-online":{"date-parts":[[2021,8,24]]},"published-print":{"date-parts":[[2021,11,12]]}},"alternative-id":["10.1108\/ICS-07-2020-0121"],"URL":"https:\/\/doi.org\/10.1108\/ics-07-2020-0121","relation":{},"ISSN":["2056-4961","2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"},{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2021,8,24]]}}}