The ongoing barrage of cyber-attacks against large organizations and government institutions is generating growing concern. Target, eBay, P.F. Chang’s, AOL, Aaron Brothers, Kaiser Permanente and numerous others have recently found themselves under attack from hackers and other cyber-criminals.
One major problem is that cyber-security strategies and policies aren’t adequate. Another is that demand for digital security professionals is so great that companies and other institutions can’t keep up.
“We are facing a very serious situation—and one that is not easily solved,” says W. Hord Tipton, executive director of (ISC)2, a not-for-profit industry organization that’s working to build cyber-security programs in businesses and schools. “There is a huge need to produce more career paths and professionals.”
(ISC)2, which is more than two decades old and offers a variety of certification programs in the cyber-security space, takes a somewhat different approach to the problem: While technology is important in battling online crime and protecting data, there’s also a need to produce more educated and knowledgeable professionals within IT and other industries. There’s also a need to better align school programs with real-world certification objectives.
In fact, the organization’s research shows that there’s a growing gap between demand and supply for cyber-security specialists. A February report noted that 35 percent of respondents are currently looking to hire additional professionals in the cyber-security field.
“At present, universities are not producing graduates capable of hitting the ground running with security,” says Tipton, a former CIO for the U.S. Department of the Interior. “And, even when they do, the technology and systems change so quickly that they fall behind.”
In April, (ISC)2 launched its most recent initiative: Global Academic Program (GAP). Its goal is to establish a more consistent framework for cyber-security courses and courseware “in much the same way that the legal profession, accounting and medicine have standards,” he explains. “Schools are only beginning to realize how critical their role is in producing security specialists. This is sort of the reading, writing and arithmetic of computing and the digital world.”
The organization has adopted an open-source approach to content by tapping the knowledge and expertise of its 128 (ISC)2 chapters and nearly 100,000 global members. Classroom materials range from domain-specific modules and practice assessments to faculty handbooks and student textbooks.
All the resources are based on content from the organization’s certified materials, known as a common body of knowledge (CBK). The program, available through a portal, is available to all accredited institutions, according to Tipton. The modules cover everything from authentication and access controls to network design and data protection.
Seventy universities showed interest in the program the day it was introduced, and 18 have already signed agreements—with more in the pipeline.
“The response has been remarkably positive,” Tipton says. “There’s a growing recognition that the current system is not adequate. It’s been like putting a patch on a leaky tire and hoping it works.
“The best way to address cyber-security problems is to create a base of people who have the credentials and education to enter the business world and make a real difference.”