Mapping Skills and Knowledge for Information Security and Data Protection

“Shortage of skilled workers in the ICT sector!” is what we constantly hear and read about. But how did this shortage come about? In the TeBeISi project, we investigated the question by focusing on the areas of Information Security (IS) and Data Protection (DP). We carried out a mapping of needed skills in everyday work and recognised job profiles (via ESCO) for both areas to arrive at an occupational profile that meets the requirements of SMEs (small and medium sized enterprises).  

The findings on required Information Security and Data Protection competencies started in each partner country with a Desk-Research, which was supplemented by Field-Research, were we invited experts for interviews and organized focus groups to find out more about the real needs in SME’s. The outcomes of these activities served as the basis for the Report on Identification of Competence Profiles, where we matched our outcomes with validation tools at EU and national level to accomplish recognition in the non-formal sector.  


We were able to achieve a partial success in the project, as ESCO officially included parts of our Occupational Profile in their database. Recognition at national level – based on the ECVET criteria and the respective national qualifications frameworks – is a still ongoing process. An important finding from our surveys is that SMEs’ CEOs want IS-DP staff to take on a mediating role between management and employees in the areas of Information Security and Data Protection. It was emphasised that social skills such as empathy, resilience, strong communication skills and a willingness to embrace change play an important role in this position.