qualification for information security professionals
play

Qualification for Information Security Professionals Marcel Spruit - PDF document

Sep 10, 2022 •279 likes •426 views

Qualification for Information Security Professionals Marcel Spruit The Hague University of Applied Sciences THE NETHERLANDS m.e.m.spruit@hhs.nl Fred van Noord Dutch Society for Information Security PvIB THE NETHERLANDS fredvannoord@pvib.nl

  1. Qualification for Information Security Professionals Marcel Spruit The Hague University of Applied Sciences THE NETHERLANDS m.e.m.spruit@hhs.nl Fred van Noord Dutch Society for Information Security PvIB THE NETHERLANDS fredvannoord@pvib.nl ABSTRACT Worldwide there is a lack of well-educated and experienced information security specialists. The first step to address this issue is arranging enough people with a well-known and acceptable basic level of information security competences. However, there might be a lot of information security education and training, but there is anything but a well-defined outflow level with a known and acceptable basic level of information security competences. There exists a chaotic situation in respect of the qualification of information security professionals, with the emergence of a large number of difficult to compare certificates and job titles. Apparently the information security field requires uniform qualifications that are internationally recognized. Such qualifications could be an excellent way of unambiguously clarifying the knowledge and skills of information security professionals. Furthermore it gives educational institutions a framework which facilitates the development of appropriate information security education and training. 1.0 INTRODUCTION In today’s information society, it is important for every organization to handle (digitalized) information with care. Organizations need to protect their growing volumes of information against an increasingly complex set of threats. This calls for well-educated information security specialists. However, worldwide there is a lack of well-educated information security specialists. The first step to address this issue is arranging enough people with a well-known and acceptable basic level of information security competences. Intended information security specialists can use this basic level as a foundation on which they build their specialization. Do we already have enough education and training which deliver people with a known and acceptable basic level of information security competences? We are still far from that. There is a lot of information security education and training, but there is anything but a well-defined outflow level with a known and acceptable basic level of information security competences. Over the past few years, a chaotic situation has arisen in respect of the qualification of information security professionals, with the emergence of a large number of difficult to compare certificates and job titles. As a consequence, information security professionals are unable to clearly identify their knowledge and skills on the basis of their job title and the supporting certificates. Employers are unable to see if a candidate for a security job is a well-trained and experienced information security professional. And educational institutions are reluctant to develop new information security education and training. STO-MP-IST-122 14 - 1

  2. Qualification for Information Security Professionals Apparently the information security field requires uniform qualifications which are internationally recognized. Such qualifications could be an excellent way of unambiguously clarifying the knowledge and skills of information security professionals and give educational institutions a framework which facilitates the development of appropriate information security education and training. The latter leads to more and better educated professionals with a recognized basic level of cyber security competences. 2.0 PROGRAMME QUALIFICATION OF INFORMATION SECURITY Initiated by the Dutch Association of Information Security PvIB a number of well known Dutch and multinational organizations 1 have joined forces to start the programme Qualification of Information Security (QIS). The programme strives for a clear and transparent situation for qualification. The aim is the realization of a uniform qualification framework for information security professionals that is widely supported and that is connected to the European e-Competence Framework (e-CF) as well as existing qualification frameworks for information security. The intended qualification framework is targeted to: • The information security professionals. They can use the qualification system for showing their competences and for managing their education and training. • The employers. They can use the qualification system for selecting and hiring information security professionals. • The educators. They can use the qualification system for setting up information security education and training. 3.0 APPROACH The programme articulated the steps to realize uniform qualification for information security professionals: • Check whether there is sufficient public support for a (new) qualification system. • If so, formulate the design principles that must be met. • Describe the information security field and it’s typical jobs. • Define a job profile for each typical job. • Define an education profile for each typical job. • Set up a managed qualification system. 4.0 PUBLIC SUPPORT AND DESIGN PRINCIPLES An essential precondition for a qualification system is broad acceptance by on the one hand the group of professionals concerned, and on the other hand the employers that can use the profiles for the recruitment and the selection of professionals and the educational institutions that can use the profiles for establishing education and training. The first step of the programme was to set up a preliminary investigation to check whether there is significant public support for uniform qualification for information security professionals. The preliminary investigation started in 2011 and delivered its report in April 2011 [1]. 1 Rabobank, ING, ABN AMRO, EY, AkzoNobel, Dutch national government, Dutch Cyber Security Council (Cyber Security Raad), ECP (Programme Digital Skills & Safety) and PvIB 14 - 2 STO-MP-IST-122

  3. Qualification for Information Security Professionals As part of the preliminary investigation a desk study has been performed, as well as 23 individual and group interviews with information security professionals, employers, educators and certification bodies. The first results were discussed during a seminar with information security professionals. The picture that emerged from the investigation was that a uniform qualification system for information security professionals was very welcome, with particularly strong support among information security professionals and educators. Furthermore it was found that the intended qualification system has to meet a number of design principles: • It covers the full scope of information security (information risk management and ICT security), but not the small-scale and specialized jobs. • It contains qualifications on different levels, for example secondary vocational, higher vocational and university level. • It contains a body of knowledge and skills, as well as keeping up knowledge and skills. • It is compliant with an international standard for qualification, later on particularized to the European e-Competence Framework (e-CF) [2]. • It shows how it incorporates existing qualifications for information security, such as CISSP, CISM, ISSMP, SSCP et cetera. • It provides for a transitional provision for professionals already working in information security. • Its qualifications are recognized internationally. • It is a suitable basis for a certification registry. • It is managed and supported by an independent organization. As there was particularly strong support among information security professionals and educators, the support among employers became a critical success factor. To make sure that the intended qualification system as well as the design principles could count on significant support among employers a covenant has been drawn up [3]. The aim of the covenant was that employers could endorse the intended qualification system and state that they have the intention to use the qualification system once it becomes available. The covenant was presented to the major Dutch employers’ federations and a significant number of employers. During a information security seminar in May 2013 the first signatures were put under the covenant by representatives of eight large well-known Dutch organizations. So it seems that there is sufficient support for the intended qualification system by employers. To ensure that broad acceptance remains during the progress of the programme, information security professionals, employers and educators are participating in each step of the programme. Furthermore, the intermediate results will be reviewed by representative groups from the PvIB (representing the information security professionals), the QIS steering committee and projects committee (representing the employers), as well as providers of information security education and training (representing the educators). 5.0 INFORMATION SECURITY AND TYPICAL JOBS 5.1 Information security Information security is preservation of confidentiality, integrity and availability of information [4]. This definition clearly indicates that information security has a broad scope. Our preliminary investigation [1] revealed that information security professionals distinguish various domains within information security. STO-MP-IST-122 14 - 3

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Are Information Security professionals rational decision-makers? . Konstantinos Mersinas

Are Information Security professionals rational decision-makers? . Konstantinos Mersinas

Motivation Approach Design Findings Conclusions Future Work Thank you Are Information Security professionals rational decision-makers? . Konstantinos Mersinas Distance Learning Weekend Conference 2015 Royal Holloway, University of

656 views • 29 slides
Knowledge is Power

Knowledge is Power

Presentation Skills for Offjce Professionals A SAQA registered qualification for Administrative Professionals in all Services Sectors Based on SAQAs Unit Standard ID 242840, Level 4, 4 Credits FACILITATOR: GERHARD VISSER Tel: 0861 999 973

487 views • 12 slides
Homeland Security Resources for Security Professionals Phillip Osborn CPP, CISSP, CAMS

Homeland Security Resources for Security Professionals Phillip Osborn CPP, CISSP, CAMS

Homeland Security Resources for Security Professionals Phillip Osborn CPP, CISSP, CAMS Supervisory Special Agent, DHS-HSI, (ret.) President ATIS Consulting, LLC. Purpose To provide information about resources and professional development

780 views • 61 slides
InfoSec 101 Introduction to Information Security for (non-IT) Professionals Fabian Lischka,

InfoSec 101 Introduction to Information Security for (non-IT) Professionals Fabian Lischka,

InfoSec 101 Introduction to Information Security for (non-IT) Professionals Fabian Lischka, Larry Salibra, Leonhard Weese FCC, Hong Kong, 2015-02-26 V0.97 from 2015-03-12 Content I n t r o d u c t i o n D i s c l a i m e r s

421 views • 30 slides
Mitigating Multiple professionals can mitigate even previously unknown vectors: security gap from

Mitigating Multiple professionals can mitigate even previously unknown vectors: security gap from

By recognizing the four main categories of attack, security Security professionals need to understand how to plug the Mitigating Multiple professionals can mitigate even previously unknown vectors: security gap from Layers 3 to 7, and protect

387 views • 9 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
Software Security Process & Testing a primer for quality professionals Fred Pinkett VP,

Software Security Process & Testing a primer for quality professionals Fred Pinkett VP,

Software Security Process & Testing a primer for quality professionals Fred Pinkett VP, Product Management Security Innovation About Security Innovation Application Security Experts 10+ years research on vulnerabilities Security

690 views • 49 slides
I nform ation security in health care Evaluation w ith health professionals Robin Krens, Utrecht

I nform ation security in health care Evaluation w ith health professionals Robin Krens, Utrecht

I nform ation security in health care Evaluation w ith health professionals Robin Krens, Utrecht University Marco Spruit, Utrecht University Nathalie Urbanus-van Laar, UMC Utrecht 1 Agenda Introduction to information security Research

357 views • 15 slides
Certified Professionals OAC 3745 300 05 Certified Professional 8 Hour Training CP

Certified Professionals OAC 3745 300 05 Certified Professional 8 Hour Training CP

Certified Professionals OAC 3745 300 05 Certified Professional 8 Hour Training CP qualification requirements Minimum Bachelors Degree Acceptable Majors: biology, chemistry, environmental sciences, geology, hydrogeology,

571 views • 18 slides
Australian Learning & Qualification Program Agenda 1. New Leadership Qualification 2.

Australian Learning & Qualification Program Agenda 1. New Leadership Qualification 2.

Australian Learning & Qualification Program Agenda 1. New Leadership Qualification 2. Implementation and next steps Leadership Qualification (LQ) ALQP replaces AALP New name is Australian Learning & Qualification Program

773 views • 54 slides
Bachelor of Information Technology 2 Qualification - Degree Bachelor of Information

Bachelor of Information Technology 2 Qualification - Degree Bachelor of Information

Bachelor of Information Technology 2 Qualification - Degree Bachelor of Information Technology (Mobile Application Development) Bachelor of Information Technology (Game Application Programming) 3 Why AIT BIT? Industry demand of

295 views • 12 slides
The Arnewood School Y8 KS4 Information Evening Aims To explain current qualification

The Arnewood School Y8 KS4 Information Evening Aims To explain current qualification

The Arnewood School Y8 KS4 Information Evening Aims To explain current qualification structure the pathways process what you can do to help and allow people to begin to think about the choices in discussion with subject

474 views • 24 slides
Security Audit Principles and Practices Logging and auditing are two of the most unpleasant

Security Audit Principles and Practices Logging and auditing are two of the most unpleasant

Security Audit Principles and Practices Logging and auditing are two of the most unpleasant chores facing information security professionals. Chapter 11 tedious, time-consuming, boring Lecturer: Pei-yih Ting 1 Overview Configuring Logging

401 views • 7 slides
So You Want to Be an Information Security Officer? Presented by: Art Bakke Information Security

So You Want to Be an Information Security Officer? Presented by: Art Bakke Information Security

So You Want to Be an Information Security Officer? Presented by: Art Bakke Information Security Officer Background Personal Starion Bank Arts Goals Highlight the typical responsibilities of an Information Security Officer from

778 views • 22 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Ministry of Electronics & Information

510 views • 11 slides
11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information

11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information

11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information Security Webinar Storage of Classified Information Host: Treva Alexander, SAPPC Information Security Course Manager, DSS - CDSE Gained experience in

329 views • 14 slides
Education at a Glance OECD Indicators 2020 Contact North Andreas Schleicher The long shadows of

Education at a Glance OECD Indicators 2020 Contact North Andreas Schleicher The long shadows of

Education at a Glance OECD Indicators 2020 Contact North Andreas Schleicher The long shadows of school closures By the end of June, schools across the OECD had experienced some form of closure lasting an average of 14 weeks Figure D1.4

434 views • 31 slides
General Education Program Assessment Forum Sponsored by the General Education Council in

General Education Program Assessment Forum Sponsored by the General Education Council in

General Education Program Assessment 11/3/2014 Forum General Education Program Assessment Forum Sponsored by the General Education Council in collaboration with the Office of Assessment & Accreditation April 2014 04/02/2014 Tasks for

302 views • 27 slides
Oregon STEM General Education 1 Oregon: Benefits of Education No High School Diploma: $384

Oregon STEM General Education 1 Oregon: Benefits of Education No High School Diploma: $384

Oregon STEM General Education 1 Oregon: Benefits of Education No High School Diploma: $384 High School Diploma: $533 Some College: $598 Associates Degree: $677 Bachelor Degree or higher: $960+ Bachelor Degree or higher: $960+ Oregon Dept

263 views • 9 slides
DEPARTMENT OF COMMERCE AND CONSUMER AFFAIRS Department of Commerce and Consumer Affairs (DCCA)

DEPARTMENT OF COMMERCE AND CONSUMER AFFAIRS Department of Commerce and Consumer Affairs (DCCA)

DEPARTMENT OF COMMERCE AND CONSUMER AFFAIRS Department of Commerce and Consumer Affairs (DCCA) Mission of DCCA To protect Hawaiis consumers and service its business community with respect and fairness to the interests of both. 1

471 views • 19 slides
2 Overview of Presentation Objectives of the Handbook

2 Overview of Presentation Objectives of the Handbook

1 OCCUPATIONS AND CAREERS HANDBOOK FOR UAE NATIONALS Handbook Overview

422 views • 26 slides
WUF WUFAR 101 AR 101 Federal Funding Conference March 2020 What does WU What does WUFAR mean?

WUF WUFAR 101 AR 101 Federal Funding Conference March 2020 What does WU What does WUFAR mean?

WUF WUFAR 101 AR 101 Federal Funding Conference March 2020 What does WU What does WUFAR mean? AR mean? What does WU What does WUFAR mean? AR mean? Wisconsin Uniform Financial Accounting Requirements Wisconsin Wisconsin Uniform

422 views • 39 slides
Dependency Analysis as the Basis for a Generic Type System Maxime Gamboni Instituto de

Dependency Analysis as the Basis for a Generic Type System Maxime Gamboni Instituto de

Dependency Analysis as the Basis for a Generic Type System Maxime Gamboni Instituto de Telecomunica c oes, Instituto Superior T ecnico, Portugal April 20th, 2011 Behaviour Dependencies Activeness and Responsiveness Generic Plan

382 views • 37 slides
The use of stopping criteria for iterative Krylov methods in designing adaptive methods for PDEs

The use of stopping criteria for iterative Krylov methods in designing adaptive methods for PDEs

The use of stopping criteria for iterative Krylov methods in designing adaptive methods for PDEs Mario Arioli Visiting Professor, Wuppertal University January 6, 2016 The use of stopping criteria for iterative Krylov methods in designing

766 views • 62 slides

More recommend