Identifying Core Concepts of Cybersecurity: Results of Two Delphi Processes

Geet Parekh, David Delatte, Geoffrey L. Herman, Linda Oliva, Dhananjay Phatak, Travis Scheponik, Alan T. Sharman

Research output: Contribution to journalArticlepeer-review


This paper presents and analyzes results of two Delphi processes that polled cybersecurity experts to rate cybersecurity topics based on importance, difficulty, and timelessness. These ratings can be used to identify core concepts-cross-cutting ideas that connect knowledge in the discipline. The first Delphi process identified core concepts that should be learned in any first course on cybersecurity. The second identified core concepts that any cybersecurity professional should know upon graduating from college. Despite the rapidly growing demand for cybersecurity professionals, it is not clear what defines foundational cybersecurity knowledge. Initial data from the Delphi processes lay a foundation for defining the core concepts of the field and, consequently, provide a common starting point to accelerate the development of rigorous cybersecurity education practices. These results provide a foundation for developing evidence-based educational cybersecurity assessment tools that will identify and measure effective methods for teaching cybersecurity. The Delphi results can also be used to inform the development of curricula, learning exercises, and other educational materials and policies.

Original languageEnglish (US)
Article number7967715
Pages (from-to)11-20
Number of pages10
JournalIEEE Transactions on Education
Issue number1
StatePublished - Feb 2018


  • Concept inventory
  • Delphi process
  • assessment tools
  • conceptual learning
  • cybersecurity
  • cybersecurity assessment tools (CATS)
  • information assurance
  • student assessment

ASJC Scopus subject areas

  • Education
  • Electrical and Electronic Engineering


Dive into the research topics of 'Identifying Core Concepts of Cybersecurity: Results of Two Delphi Processes'. Together they form a unique fingerprint.

Cite this