A Framework for Multi-University Cybersecurity Curriculum Gap Analysis

Abstract

With the global demand for cybersecurity professionals consistently exceeding supply, higher education institutions plays a critical role in addressing the skills gap. This requires aligning curricula not only with evolving workforce requirements but also with international standards that ensure consistency and quality. However, systematic approaches for identifying curricular strengths and gaps across universities remain underdeveloped. To address this gap, this paper introduces a methodological framework that integrates the Cyber Security Curricula 2017 guidelines with a curriculum maturity model to evaluate cybersecurity education across institutions. We demonstrate the framework through a comparative case study of three universities: Norwegian University of Science and Technology (NTNU), Østfold University College (HiØ), and The Virginia Polytechnic Institute and State University (Virginia Tech). Across three universities (NTNU, HiØ, Virginia Tech), the framework mapped 110 courses, with 44% Core Cybersecurity and 56% Cybersecurity-Related. NTNU excelled in Data Security, HiØ in Organizational and Human Security, and Virginia Tech in Societal Security. Common strengths included Cryptography, Risk Management, and Network Architectures, while persistent gaps appeared in Storage Security, Identity Management, Usable Security, and lifecycle aspects of System Security. These results highlight the value of a structured, evidence-based approach for identifying curricular strengths and weaknesses. This framework is designed to be replicable in other higher-education contexts seeking program improvement.