(computerweekly)
- Global IT association ISACA has launched its Cybersecurity
Nexus (CSX) programme to help address
the global security skills shortage.
According
to the Cisco 2014 Annual Security Report, more than one million positions for security
professionals remain unfilled around
the world.
CSX
is aimed at helping IT professionals with
security-related responsibilities to “skill up” and providing support through
research, guidance and mentoring.
A
recent ISACA survey found that 62% of organizations’ have not increased
security training in 2014, despite 20% of enterprises reporting they have been
hit by advanced persistent threats.
“Unless
the industry moves now to address the cyber-security skills crisis, threats
such as major retail data breaches and the Heartbleed bug will continue to
outpace the ability of organizations to defend against them,” said Robert
Stroud, ISACA international president-elect.
CSX
is designed as a comprehensive programme that provides expert-level
cyber-security resources tailored to each stage in a cyber-security
professional’s career.
The
programme includes career development resources, frameworks, community and
research guidance, such as Responding to Targeted Cyberattacks and Transforming
Cybersecurity Using COBIT 5.
There
is also a Cybersecurity Fundamentals Certificate that is aimed at entry level
information security professionals with zero to three years of practitioner
experience.
The
CSX program marks the first time in its 45-year history that ISACA will offer a
security-related certificate.
The
certificate is for people just coming out of college and for career-changers
now getting into IT security. The foundational level is knowledge-based and
covers four domains:
·Cybersecurity
architecture principles ·Security of
networks, systems, applications and data ·Incident response ·Security
implications related to adoption of emerging technologies ·The exam will be offered
online and at select ISACA conferences and training events beginning this
September. ·The content
aligns with the US NICE framework and was developed by a team of about 20
cyber-security professionals from around the world. ·ISACA plans to
add more to the CSX programme, including: A cybersecurity practitioner-level
certification with the first exam in 2015, Cybersecurity Training courses,
SCADA guidance and digital forensics guidance. ·A recent global
poll of members of ISACA student chapters shows that 88% of the ISACA student
members surveyed say they plan to work in a position that requires some level
of cybersecurity knowledge.
A
recent global poll of members of ISACA student chapters shows that 88% of the
ISACA student members surveyed say they plan to work in a position that
requires some level of cybersecurity knowledge.
However,
fewer than half say they will have the adequate skills and knowledge they need
to do the job when they graduate.
“Security
is always one of the top three items on a CIO’s mind, yet IT and computer
science courses at university level are not allocating a proportional amount of
training to cybersecurity,” said Eddie Schwartz, chair of ISACA’s Cybersecurity
Task Force.
“Today,
there is a sizeable gap between formal education and real world needs. This, in
itself, is an area requiring immediate focus so that the industry can get
better at detecting and mitigating cyber threats,” he said.
According
to Tony Hayes, ISACA international president, enterprises cannot rely on just a
handful of universities to teach cybersecurity.
“With
every employee and endpoint at risk of being exploited by cyber criminals,
security is everyone’s business. We need to make cybersecurity education as
accessible as possible to the next generation of defenders,” he said.