Ontology in Information Security

The past several years we have witnessed that information has become the most precious asset, while protection and security of information is becoming an ever greater challenge due to the large amount of knowledge necessary for organizations to successfully withstand external threats and attacks. This knowledge collected from the domain of information security can be formally described by security ontologies. A large number of researchers during the last decade have dealt with this issue, and in this paper we have tried to identify, analyze and systematize the relevant papers published in scientific journals indexed in selected scientific databases, in period from 2004 to 2014. This paper gives a review of literature in the field of information security ontology and identifies a total of 52 papers systematized in three groups: general security ontologies (12 papers), specific security ontologies (32 papers) and theoretical works (8 papers). The papers were of different quality and level of detail and varied from presentations of simple conceptual ideas to sophisticated frameworks based on ontology

Key Factors of Information Security Culture

Novija istraživanja pokazuju da je za pravilno upravljanje informacijskom sigurnošću, osim odavno prepoznatih tehničkih mjera, potrebno uzeti u obzir i ne-tehničke mjere s posebnim naglaskom na ljudskome čimbeniku. Jedna od tih mjera jest i kultura informacijske sigurnosti koja, ako je dobro uspostavljena i podržana od višeg rukovodstva, može značajno pridonijeti zaštiti informacijske imovine pretvaranjem ljudi, kao prepoznatog problema informacijske sigurnosti, u rješenje tog problema. Potreba za uspostavom dobre kulture informacijske sigurnosti posebno dolazi do izražaja u slučaju organizacija koje predstavljaju tzv. kritičnu nacionalnu infrastrukturu koja je u današnje vrijeme sve češća meta kibernetičkih napada, a prvi je korak u uspostavi kulture informacijske sigurnosti identifikacija čimbenika koji čine tu kulturu. Cilj je ovoga rada sažeti najcitiranije ključne čimbenike kulture informacijske sigurnosti identificirane na temelju pregleda znanstvenih članaka indeksiranih u relevantnim bazama podataka te na kraju navesti utvrđene nedostatke u istraživanjima i pružiti čitateljima moguće smjernice za daljnja istraživanja.Recent researches show that to manage information security properly, one must consider not just widely-recognized technical measures but also non-technical measures with particular emphasis on the human factor. One of these measures is information security culture which, if well-established and supported by senior management, can significantly contribute to the protection of information assets by turning people from the recognized problem of information security into the mere solution to this problem. The need for establishing a sound information security culture is especially evident in the case of organizations that represent the so-called critical national infrastructure. Nowadays, it is an increasingly frequent target of cyber-attacks, and the first step in establishing an information security culture is to identify the factors that constitute that culture. The purpose of this paper is to summarize most cited key factors of information security culture identified in scientific articles indexed in relevant databases and, in the end, to state identified research gaps and provide readers with possible directions for further researches

Key Success Factors of Information Systems Security

The issue of information systems security, and thus information as key resource in today\u27s information society, is something that all organizations in all sectors face in one way or another. To ensure that information remain secure, many organizations have implemented a continuous, structured and systematic security approach to manage and protect an organization\u27s information from undermining individuals by establishing security policies, processes, procedures, and information security organizational structures. However, despite this, security threats, incidents, vulnerabilities and risks are still raging in many organizations. One of the main causes of this problem is poor understanding of information systems security key success factors. Identifying and understanding of information security key success factors can help organizations to manage how to focus limited resources on those elements that really impact on success, therefore saving time and money and creating added value and further enabling operational business. This research, based on comprehensive literature review, summarizes most cited key success factors of information systems security identified in scientific articles indexed in relevant databases, of which the top three success factors were management support, information security policy and information security education, training and awareness. At the end, article states identified research gaps and provides readers with possible directions for further researches

Information Security Culture Evaluation and Improvement Framework

Već duži niz godina istraživanja iz domene informacijske sigurnosti ističu kako su upravo informacije ključni resurs svake organizacije koje je, sukladno tome, potrebno primjereno štititi. Međutim, ono što se promijenilo u odnosu na prije dvadesetak godina je činjenica da zaštita informacija temeljena na samo tehničkim mjerama zaštite više nije dovoljna, a informacijska sigurnost više ne predstavlja tehnički nego upravljački problem. Novija istraživanja pokazuju kako je za primjereno upravljanje informacijskom sigurnošću potrebno, uz davno prepoznate tehničke mjere, uzeti u obzir i ne-tehničke mjere s posebnim naglaskom na ljudski čimbenik. Međutim, iako su ljudi u literaturi prepoznati kao kritične prijetnje u zaštiti informacijske imovine, oni ujedno mogu postati i rješenje problema. Mjerama kao što su, između ostalog, definiranje sigurnosnih politika i procedura ili održavanje radionica podizanja svijesti o informacijskoj sigurnosti uspostavlja se dobra kultura informacijske sigurnosti koja može značajno doprinijeti zaštiti informacijske imovine na način da ljude, kao prepoznati problem informacijske sigurnosti, pretvori u rješenje tog problema. Način za postizanje toga je uspostava primjerene kulture informacijske sigurnosti kao načina zaštite informacija što dovodi do potrebe identifikacije elemenata koji doprinose uspostavi kulture informacijske sigurnosti. Glavni doprinosi istraživanja opisanog u ovoj disertaciji su sistematizacija znanja iz područja kulture informacijske sigurnosti, identifikacija ključnih čimbenika koji čine kulturu informacijske sigurnosti, razvijen i validiran mjerni instrument za procjenu kulture informacijske sigurnosti temeljen na dosadašnjim istraživanjima i provedenom empirijskom istraživanju te u konačnici, razvijen i validiran okvir za procjenu i unapređenje kulture informacijske sigurnosti koji kulturu informacijske sigurnosti ne promatra u samo jednom aspektu (primjerice ponašanje zaposlenika) već u obzir uzima njenu organizacijsku, sociološku i tehničku komponentu. Validacija mjernog instrumenta i radnog okvira za procjenu i unapređenje kulture informacijske sigurnosti provedena je putem provjere pouzdanosti te sadržajne i konstruktne valjanosti teorijskih koncepata pomoću znanstvenih metoda (evaluacija eksperata, metoda sortiranja karata, faktorska analiza) i pokazatelja (Fleiss Kappa, omjer pogodaka, omjer sadržajne valjanosti, Cronbachov alfa i dr.).For many years, information security researchers have identified information as the key resource of any organization that needs to be adequately protected. However, what has changed in the past twenty years is the fact that information protection based on purely technical measures is no longer sufficient, since information security is no longer technical but managerial problem. Recent research shows that, with well-known technical measures, for an appropriate information security management it is necessary to take into account non-technical measures also, with a special emphasis on the human factor. However, although literature recognize people as the weakest link in the security chain, they can also become a solution of the problem. A good way to achieve this is to establish an appropriate information security culture as a way of protecting information, which leads to the need of identifying elements that contribute to the establishment of an information security culture in organization. The research described in this thesis contained several phases based on the use of qualitative and quantitative scientific methods. The first phase referred to the identification of key factors of information security culture in the organizational context, the second phase consisted of activities for conceptual framework development, the third phase was about the development and testing of a measuring instrument, and the final, fourth phase referred to the analysis of empirical research data as well as correlation analysis of information security culture and information security measures implementation in the organization. During the first phase, key factors of information security culture in the organizational context were identified by using scientific methods of review, analysis and synthesis of available relevant research in the field of information security culture. During the second phase, an information security culture evaluation and improvement conceptual framework, in form of defined categories and components of each category based on the results of the first phase of research, was developed. The most extensive, third phase, consisted of the development and testing of a measuring instrument which was in the form of a survey questionnaire. The creation of the questionnaire particles was based on a literature search in the information security culture field, after which the particles used so far were used to describe and measure the identified factors influencing the information security culture. In other words, particle creation was based on the results obtained in the first phase of the research. In this section, a convenient (available) sample of 12 experts was contacted to participate in the validation of the content and construct validity of extracted particles. In the context of this research, the term “experts” means certified professionals in the field of information security or information systems auditing. Content validation included the calculation of the Content Validity Ratio (CVR) and the Averaged value of relative importance. The next steps included the measurement scale development and measurement instrument testing. In this part of the research, the Q-sort (card sorting) method was used and it was based on the experts’ involvement in particle assessment, where experts were to classify particles into separate categories with respect to similarities and differences among particles. If the experts consistently classified the particles into appropriate constructs, it was considered that the convergent validity of a certain construct was achieved, as well as the discriminant validity in relation to other constructs. For those particles for which experts did not reach consensus, they were excluded from further analysis. Two measurement methods were used to assess the reliability of the sorting procedure: the Fleiss Kappa coefficient, as a measure of agreement between more than two experts, and the Hit Ratio, as an indicator of how many variables were placed in the target group by experts. Scales that have a high percentage of “correct” classifications can be said to have a high degree of construct validity and a high potential for good reliability. All the measuring instrument particles were measured using a five-degree Likert-type semantic ordinal scale. In order to determine the relevance of the measuring instrument, it contained several questions about objective indicators of the implemented information security measures in the organization (for example, occurrences of incidents or awareness campaigns via e-mails alerting employees to various security threats). For the purpose of measuring instrument validation in terms of internal consistency and conceptual framework validation, it was planned to form a sample of organizations that make operators of essential services in the context of critical national infrastructure in the Republic of Croatia. Then, after the sample would be formed, the survey questionnaire would be sent to employees of these organizations, who are users of the information system. However, due to the impossibility of determining the entire population of the operators of essential services, from which a random sample was to be formed, due to the sensitivity of information about which organizations they are, the author of this study was forced to use the non-probabilistic Snowball method to determine participants in the empirical part of this study. For this reason, as a basis for determining the required minimum sample size or number of subjects, a literaturesupported measure of at least three times more subjects than there are particles in the measuring instrument, was taken. The empirical research was conducted on the basis of voluntary and anonymous participation without collecting any personal data. The final, fourth phase included the analysis of the collected data after the conducted empirical research as well as the analysis of the correlation between information security culture and implemented information security measures in the organization. At the very beginning, a descriptive statistical analysis was used, which goal was to examine summary descriptions of the distributions of quantitative variables and to validate the instrument in terms of reliability of the obtained data. To assess the reliability of the measuring instrument, the Cronbach's α (alpha) coefficient was used, as a measure of internal consistency, which determines the extent to which research results can be repeated over time or through different groups of subjects. In order to further verify the validity and reliability of the measuring instrument, an exploratory factor analysis was performed on the data obtained by empirical research, which reduced the total number of factors to 8 factors distributed within 3 higher-level categories. It is important to emphasize that the information security culture evaluation and improvement framework is based on a validated measuring instrument and shares its structure. This means that the measuring instrument consists of manifest variables (particles) that describe the first-level latent variables (factors) and the second-level latent variables (categories) that are described by these factors. The mentioned factors and categories from the measuring instrument are integral parts of the information security culture evaluation and improvement framework, which in its initial structure consisted of 13 factors divided into 3 higher-level categories (organizational measures, sociological factors and technical measures). Based on the question of objective indicators of implemented information security measures in the organization, which were the part of the measuring instrument, correlation analysis was used to verify and prove the positive relatively weak correlation between information security culture and implemented information security measures. Thus, in addition to the validation of the measuring instrument as the basis for the framework development, the information security culture evaluation and improvement framework was successfully validated. Finally, after theoretical and empirical validation of the measuring instrument and framework, first through the expert opinion method, and then by factor analysis, the final structure of the measuring instrument and the information security culture evaluation and improvement framework was obtained. It consisted of 3 second-level latent variables (categories), 8 first-level latent variables (factors) and 46 manifest variables (particles) that directly measure first-level latent variables. One of the main identified research limitations is the inability to create a representative sample of organizations that are the operators of essential services as well as employees or participants in the research due to the inability to determine the size of the entire population. The organizations that are operators of essential services have been selected for the proposed framework and measurement instrument validation because they are increasingly the targets of various forms of information security incidents and are an important element in terms of national critical infrastructure. Additional recognized limitations are the limited ability to generalize results due to the use of non-probabilistic sampling method, relatively small number of experts who participated in the content and construct validation of the measuring instrument, poor motivation of potential participants and inevitable possible subjectivity during the relevant literature review. This thesis is divided into 7 chapters, where the first chapter, which is the introductory part, briefly elaborates the importance of the research topic from which the 3 research goals to be achieved by this research arose, as well as the formulation of 2 hypotheses that this research seeks to confirm or discard. The second chapter provides a general view of information security, its evolution through history and the basic components that make information security. The third chapter deals with an extensive topic of information security management in which the emphasis is on information security as corporate governance part as well as managementlevel, and no longer only the technical-level problem. Also, this chapter emphasizes the need for a holistic approach to information security management. This chapter also addresses the challenges of information security as well as the elements of information security management and provides a brief overview of relevant laws and norms in the field of information security with emphasis on the importance of the so-called critical national infrastructure. The fourth chapter provides a detailed overview of information security culture, from the definition of the term, through its importance and relationship with organizational culture to documenting the acquired knowledge about key factors and existing models and frameworks of information security culture from relevant literature. The fifth chapter is reserved for the research methodology, which describes step by step the scientific methods and indicators that will be used in meeting the set research goals. The sixth chapter extensively presents the results of the research obtained through the methodology described in the previous chapter, while the seventh, last chapter, summarizes the research results in the context of research goals and hypotheses, underlining the contributions and limitations of this research

Information Security Culture Evaluation and Improvement Framework

Već duži niz godina istraživanja iz domene informacijske sigurnosti ističu kako su upravo informacije ključni resurs svake organizacije koje je, sukladno tome, potrebno primjereno štititi. Međutim, ono što se promijenilo u odnosu na prije dvadesetak godina je činjenica da zaštita informacija temeljena na samo tehničkim mjerama zaštite više nije dovoljna, a informacijska sigurnost više ne predstavlja tehnički nego upravljački problem. Novija istraživanja pokazuju kako je za primjereno upravljanje informacijskom sigurnošću potrebno, uz davno prepoznate tehničke mjere, uzeti u obzir i ne-tehničke mjere s posebnim naglaskom na ljudski čimbenik. Međutim, iako su ljudi u literaturi prepoznati kao kritične prijetnje u zaštiti informacijske imovine, oni ujedno mogu postati i rješenje problema. Mjerama kao što su, između ostalog, definiranje sigurnosnih politika i procedura ili održavanje radionica podizanja svijesti o informacijskoj sigurnosti uspostavlja se dobra kultura informacijske sigurnosti koja može značajno doprinijeti zaštiti informacijske imovine na način da ljude, kao prepoznati problem informacijske sigurnosti, pretvori u rješenje tog problema. Način za postizanje toga je uspostava primjerene kulture informacijske sigurnosti kao načina zaštite informacija što dovodi do potrebe identifikacije elemenata koji doprinose uspostavi kulture informacijske sigurnosti. Glavni doprinosi istraživanja opisanog u ovoj disertaciji su sistematizacija znanja iz područja kulture informacijske sigurnosti, identifikacija ključnih čimbenika koji čine kulturu informacijske sigurnosti, razvijen i validiran mjerni instrument za procjenu kulture informacijske sigurnosti temeljen na dosadašnjim istraživanjima i provedenom empirijskom istraživanju te u konačnici, razvijen i validiran okvir za procjenu i unapređenje kulture informacijske sigurnosti koji kulturu informacijske sigurnosti ne promatra u samo jednom aspektu (primjerice ponašanje zaposlenika) već u obzir uzima njenu organizacijsku, sociološku i tehničku komponentu. Validacija mjernog instrumenta i radnog okvira za procjenu i unapređenje kulture informacijske sigurnosti provedena je putem provjere pouzdanosti te sadržajne i konstruktne valjanosti teorijskih koncepata pomoću znanstvenih metoda (evaluacija eksperata, metoda sortiranja karata, faktorska analiza) i pokazatelja (Fleiss Kappa, omjer pogodaka, omjer sadržajne valjanosti, Cronbachov alfa i dr.).For many years, information security researchers have identified information as the key resource of any organization that needs to be adequately protected. However, what has changed in the past twenty years is the fact that information protection based on purely technical measures is no longer sufficient, since information security is no longer technical but managerial problem. Recent research shows that, with well-known technical measures, for an appropriate information security management it is necessary to take into account non-technical measures also, with a special emphasis on the human factor. However, although literature recognize people as the weakest link in the security chain, they can also become a solution of the problem. A good way to achieve this is to establish an appropriate information security culture as a way of protecting information, which leads to the need of identifying elements that contribute to the establishment of an information security culture in organization. The research described in this thesis contained several phases based on the use of qualitative and quantitative scientific methods. The first phase referred to the identification of key factors of information security culture in the organizational context, the second phase consisted of activities for conceptual framework development, the third phase was about the development and testing of a measuring instrument, and the final, fourth phase referred to the analysis of empirical research data as well as correlation analysis of information security culture and information security measures implementation in the organization. During the first phase, key factors of information security culture in the organizational context were identified by using scientific methods of review, analysis and synthesis of available relevant research in the field of information security culture. During the second phase, an information security culture evaluation and improvement conceptual framework, in form of defined categories and components of each category based on the results of the first phase of research, was developed. The most extensive, third phase, consisted of the development and testing of a measuring instrument which was in the form of a survey questionnaire. The creation of the questionnaire particles was based on a literature search in the information security culture field, after which the particles used so far were used to describe and measure the identified factors influencing the information security culture. In other words, particle creation was based on the results obtained in the first phase of the research. In this section, a convenient (available) sample of 12 experts was contacted to participate in the validation of the content and construct validity of extracted particles. In the context of this research, the term “experts” means certified professionals in the field of information security or information systems auditing. Content validation included the calculation of the Content Validity Ratio (CVR) and the Averaged value of relative importance. The next steps included the measurement scale development and measurement instrument testing. In this part of the research, the Q-sort (card sorting) method was used and it was based on the experts’ involvement in particle assessment, where experts were to classify particles into separate categories with respect to similarities and differences among particles. If the experts consistently classified the particles into appropriate constructs, it was considered that the convergent validity of a certain construct was achieved, as well as the discriminant validity in relation to other constructs. For those particles for which experts did not reach consensus, they were excluded from further analysis. Two measurement methods were used to assess the reliability of the sorting procedure: the Fleiss Kappa coefficient, as a measure of agreement between more than two experts, and the Hit Ratio, as an indicator of how many variables were placed in the target group by experts. Scales that have a high percentage of “correct” classifications can be said to have a high degree of construct validity and a high potential for good reliability. All the measuring instrument particles were measured using a five-degree Likert-type semantic ordinal scale. In order to determine the relevance of the measuring instrument, it contained several questions about objective indicators of the implemented information security measures in the organization (for example, occurrences of incidents or awareness campaigns via e-mails alerting employees to various security threats). For the purpose of measuring instrument validation in terms of internal consistency and conceptual framework validation, it was planned to form a sample of organizations that make operators of essential services in the context of critical national infrastructure in the Republic of Croatia. Then, after the sample would be formed, the survey questionnaire would be sent to employees of these organizations, who are users of the information system. However, due to the impossibility of determining the entire population of the operators of essential services, from which a random sample was to be formed, due to the sensitivity of information about which organizations they are, the author of this study was forced to use the non-probabilistic Snowball method to determine participants in the empirical part of this study. For this reason, as a basis for determining the required minimum sample size or number of subjects, a literaturesupported measure of at least three times more subjects than there are particles in the measuring instrument, was taken. The empirical research was conducted on the basis of voluntary and anonymous participation without collecting any personal data. The final, fourth phase included the analysis of the collected data after the conducted empirical research as well as the analysis of the correlation between information security culture and implemented information security measures in the organization. At the very beginning, a descriptive statistical analysis was used, which goal was to examine summary descriptions of the distributions of quantitative variables and to validate the instrument in terms of reliability of the obtained data. To assess the reliability of the measuring instrument, the Cronbach's α (alpha) coefficient was used, as a measure of internal consistency, which determines the extent to which research results can be repeated over time or through different groups of subjects. In order to further verify the validity and reliability of the measuring instrument, an exploratory factor analysis was performed on the data obtained by empirical research, which reduced the total number of factors to 8 factors distributed within 3 higher-level categories. It is important to emphasize that the information security culture evaluation and improvement framework is based on a validated measuring instrument and shares its structure. This means that the measuring instrument consists of manifest variables (particles) that describe the first-level latent variables (factors) and the second-level latent variables (categories) that are described by these factors. The mentioned factors and categories from the measuring instrument are integral parts of the information security culture evaluation and improvement framework, which in its initial structure consisted of 13 factors divided into 3 higher-level categories (organizational measures, sociological factors and technical measures). Based on the question of objective indicators of implemented information security measures in the organization, which were the part of the measuring instrument, correlation analysis was used to verify and prove the positive relatively weak correlation between information security culture and implemented information security measures. Thus, in addition to the validation of the measuring instrument as the basis for the framework development, the information security culture evaluation and improvement framework was successfully validated. Finally, after theoretical and empirical validation of the measuring instrument and framework, first through the expert opinion method, and then by factor analysis, the final structure of the measuring instrument and the information security culture evaluation and improvement framework was obtained. It consisted of 3 second-level latent variables (categories), 8 first-level latent variables (factors) and 46 manifest variables (particles) that directly measure first-level latent variables. One of the main identified research limitations is the inability to create a representative sample of organizations that are the operators of essential services as well as employees or participants in the research due to the inability to determine the size of the entire population. The organizations that are operators of essential services have been selected for the proposed framework and measurement instrument validation because they are increasingly the targets of various forms of information security incidents and are an important element in terms of national critical infrastructure. Additional recognized limitations are the limited ability to generalize results due to the use of non-probabilistic sampling method, relatively small number of experts who participated in the content and construct validation of the measuring instrument, poor motivation of potential participants and inevitable possible subjectivity during the relevant literature review. This thesis is divided into 7 chapters, where the first chapter, which is the introductory part, briefly elaborates the importance of the research topic from which the 3 research goals to be achieved by this research arose, as well as the formulation of 2 hypotheses that this research seeks to confirm or discard. The second chapter provides a general view of information security, its evolution through history and the basic components that make information security. The third chapter deals with an extensive topic of information security management in which the emphasis is on information security as corporate governance part as well as managementlevel, and no longer only the technical-level problem. Also, this chapter emphasizes the need for a holistic approach to information security management. This chapter also addresses the challenges of information security as well as the elements of information security management and provides a brief overview of relevant laws and norms in the field of information security with emphasis on the importance of the so-called critical national infrastructure. The fourth chapter provides a detailed overview of information security culture, from the definition of the term, through its importance and relationship with organizational culture to documenting the acquired knowledge about key factors and existing models and frameworks of information security culture from relevant literature. The fifth chapter is reserved for the research methodology, which describes step by step the scientific methods and indicators that will be used in meeting the set research goals. The sixth chapter extensively presents the results of the research obtained through the methodology described in the previous chapter, while the seventh, last chapter, summarizes the research results in the context of research goals and hypotheses, underlining the contributions and limitations of this research

Key Success Factors of Information Systems Security

The issue of information systems security, and thus information as key resource in today's information society, is something that all organizations in all sectors face in one way or another. To ensure that information remain secure, many organizations have implemented a continuous, structured and systematic security approach to manage and protect an organization's information from undermining individuals by establishing security policies, processes, procedures, and information security organizational structures. However, despite this, security threats, incidents, vulnerabilities and risks are still raging in many organizations. One of the main causes of this problem is poor understanding of information systems security key success factors. Identifying and understanding of information security key success factors can help organizations to manage how to focus limited resources on those elements that really impact on success, therefore saving time and money and creating added value and further enabling operational business. This research, based on comprehensive literature review, summarizes most cited key success factors of information systems security identified in scientific articles indexed in relevant databases, of which the top three success factors were management support, information security policy and information security education, training and awareness. At the end, article states identified research gaps and provides readers with possible directions for further researches

Right Competencies for the right ICT Jobs – case study of the Croatian Labor Market

The development of information and communication technologies (ICT) has led to the significant changes in many areas of human lives. One of the aspects becoming much more challenging is the education of ICT professionals. Latest statistics show that the labor market demand for ICT practitioners exceeds the number of higher education graduates in the field of ICT. This paper provides a brief overview of the past and current situation on the labor market regarding the demand for ICT professionals, as well as forecasts by 2020. Paper also provides a research of demanded competencies in ICT jobs advertisements, and their comparison with competencies defined within the e-Competence framework 3.0 and generic competencies defined by Tuning project

Preparing ICT Graduates for Real-World Challenges: Results of a Meta-Analysis

The information and communications technology (ICT) industry is making important contributions to economic growth both locally and globally. There is a high demand for ICT professionals that higher education institutions are still struggling to meet. An effective literature review is an important part of understanding the existing findings and issues in the education of future ICT professionals, and for planning future research directions. This comprehensive study presented here includes a review of 761 papers on the level of summary analysis and 155 papers in depth, according to ten research questions related to: curriculum design and delivery, knowledge and skills of future ICT professionals, teaching methods, collaboration between academia and industry, and future employment and career development of ICT professionals in the labor market. Based on the findings from a content and cluster analysis, the results indicate the need for a more holistic and strategic approach to the education of future ICT professionals, including career development support within formal processes of higher education

Developing Undergraduate IT Students’ Generic Competencies Through Problem-Based Learning

Possession of generic competences is recognized as a very important characteristic of future professionals in the field of information and communication technologies (ICT). There is a high pressure on higher education institutions (HEIs) to provide students with both technical knowledge and generic competencies. This study introduces a learning environment set in line with the principles of problem-based learning (PBL) aimed at raising students’ generic competences. Based on responses from 227 students, the results suggest that students perceive the set learning environment contributing to the development of a wide range of generic competences

Prestige and Collaboration Among Researchers in the Field of Education and Career Development of ICT Graduates: Is There a Cross-Fertilization of Research and Knowledge?

This paper analyzes state of the art of the research regarding the education and career development of ICT graduates based on a comprehensive literature review. Analysis presented in this paper includes 155 papers in two research areas – one related to the education of ICT graduates (101 papers) and the other to their career development (54 papers). The most prestigious papers, most influential journals and groupings of authors in the abovementioned fields are identified by using the citation analysis and Social Network Analysis (SNA). Results show that the most influential papers related to ICT career are research papers dealing with ICT job skills requirements, and related to ICT education are ICT association’s related reports and recommendations on curriculum development. In general, results show that there is a lack of cross-fertilization of knowledge in both areas which means that the mixing of ideas that can lead to better research results is missing