Security and IT Background

Anatomy of the Information Security Workforce

IT Professional, 2010

Survey results indicate that the information security workforce, one of the fastest growing subgroups in IT, is a unique professional niche with distinctive task responsibilities, job market conditions, and training needs. Although much prior research has focused on the IT workforce, researchers have hardly explored the cybersecurity subset of IT. To address this gap, we conducted a research study to understand the information security workforce's unique characteristics and environment. Our research found that this particular workforce requires a distinctive skill set and thus should be considered separately from the general IT workforce. Our work explores issues such as tasks specific to information security professionals, job-market conditions, and necessary training. This article also provides an in-depth understanding of information security careers such as job responsibilities at various professional-managerial levels as well as motivations for entering this niche and employee turnover.

Information Security as a Part of Curricula in Every Professional Domain, Not Just ICT's

Handbook of Research on Civil Society and National Security in the Era of Cyber Warfare

Information security is increasingly gaining the attention of managers and leaders, but also of the general public. Attacks on information security are no longer focused on "pure" IT systems, but are finding critical infrastructure of great interest: energy supply, transportation systems, financial systems and other vital systems. However, even the notion of national critical infrastructure is changing as cyber attackers find their motivations in attacking food production and supply, health systems, news media, educational resources and other systems traditionally not considered critical national infrastructure. Actually, it seems that the attackers understand the interdependencies of modern, global society better than leaders and decision makers. It seems that no part of modern social, commercial or private life is unimportant to attackers and that they all need to be defended. This sets tall goals for cyber defense forces. But even that is not the end of the problems. New methods of attack are appearing. Slow scan attacks are very difficult to discover. Hibernated attacks are executed by programs deployed many days, months, theoretically even years earlier, rendering it impossible to trace the attack back to the origin and the attacker. Finally, new attackers are stepping onto the scene: white collar social engineers. As automated tools for social engineering are becoming more sophisticated and readily available, domain specialists are able to perform highly sophisticated attacks against their fellow professionals. Information and communication technology specialists and information security specialists lack the domain knowledge to predict, detect and counter such attacks. It becomes clear that specialized, dedicated cyber defense forces are necessary. Information security cannot be their side job or just a part of their job. It has to be the only job.
However, they alone would have a hard job securing systems if those who design, deploy and maintain them do not get appropriate education in information security, so that systems are as secure as possible in the first place. But not even that is sufficient. Security of every system is so domain specific and attackers are getting so domain proficient that only domain specialists can predict, prevent and counter attacks. Therefore, in order to even attempt to achieve the required level of security of the society, domain professionals need to get information security awareness, education and readiness trainings, continuously. The fact that domain professionals do not have an attacker's mindset presents a special challenge. They think about usability, intuitiveness and flexibility of the systems they build and take care of. In order to be able to mitigate the attack risk, they have to understand and to some extent enact the mindset of the attackers. This requires psychological education as well as simulations and incident trainings.

Information Security - The case for a global skills framework

The explosive growth of digital communications since the advent of the internet has been accelerated by the evolution of web 2.0 (social computing) and the pervasive availability of mobile computing technologies. This has led to a societal expectation of being ‘always connected’ in our personal and professional lives. The information assurance/information security (IA/IS) domain of the profession lacks a unified and global skills framework with a common taxonomy or consistent method of assessing competence (knowledge, skills, experience and behaviour) at progressive levels.

An assessment of the ICT Security Skills in the Industrial Sector as Provided Through Education and Training

2016

Cybersecurity has become an increasingly important aspect of public policy as Internet traffic increases and mounting cyber threats affect the operation of governments and businesses as well as the everyday life of citizens. Cybersecurity policy-making is at a turning point, becoming a national policy priority with explicit strategies in several countries. Even though the availability of high-level ICT security skills would significantly contribute to leveraging the economic growth of companies, there is still a lack of ICT security skills in Europe. In this paper, the ICT security skills gap between the industry needs and the academia/training curricula is investigated in seven European regions, followed by an analysis of the findings. Based on the findings, a framework is proposed to narrow the security skills gap.

Bridging the Gap between General Management and Technicians - A Case Study in ICT Security

2006

The lack of planning, business re-engineering, and coordination in the whole process of computerisation is the most pronounced problem facing organisations in developing countries. These problems often lead to a discontinuous link between technology and the business processes. As a result, the introduced technology poses some critical risks to the organisations due to the different perceptions of the management and technical staff in viewing the ICT security problem. This paper discusses a practical experience of bridging the gap between the general management and ICT technicians.

Why IT Security Needs Therapy

Computer Security. ESORICS 2021 International Workshops, 2022

Over the past decade, researchers investigating IT security from a socio-technical perspective have identified the importance of trust and collaboration between different stakeholders in an organisation as the basis for successful defence. Yet, when employees do not follow security rules, many security practitioners attribute this to them being “weak” or “careless”; many employees in turn hide current practices or planned development because they see security as “killjoys” who “come and kill our baby”. Negative language and blaming others for problems are indicators of dysfunctional relationships. We collected a small set of statements from security experts about employees to gauge how widespread this blaming is. To understand how employees view IT security staff, we performed a prolific survey with 100 employees (n = 92) from the US & UK, asking them about their perceptions of, and emotions towards, IT security staff. Our findings indicate that security relationships are indeed of...

INFORMATION SECURITY SYSTEM AND DEVELOPMENT OF A MODERN ORGANIZATION

Journal of the Washington Institute of China Studies, 2009

Information security management systems are increasingly applied in a number of sectors of the new, global, interconnected economy. They are used by production and service companies, businesses that provide information technology and telecom services, state administration authorities and local governments. Specifically, they are used in case of crime groups or as a means of securing illegal transactions. Intelligence services and governmental agencies cannot be ignored here either. Information security and information technology are the world’s fastest growing industry, and, not surprisingly, one of China's fastest growing industries as well. In fact, the increasing computerization in both private and public sectors (despite heavy government control) makes China a market with huge potential for software development, outsourcing and security services, essential for economic growth and national security. China's rapidly developing software market, however, is yet to display its full potential.

Human Factors in Security

Threat Analysis and Response Solutions, 2009

The goal of our study is to contribute to a better understanding of role conflict, skill expectations, and the value of information technology (IT) security professionals in organizations. Previous literature has focused primarily on the role of information professionals in general but has not evaluated the specific role expectations and skills required by IT security professionals in today's organizations. In this chapter, we take into consideration the internal and external factors that affect the security infrastructure of an organization and therefore influence the role expectations and skills required by those who are in charge of the security of network infrastructures in organizations. First, we describe the factors discussed in the literature and support them with quotes gathered from interviews conducted with information security professionals in small organizations in Central New York. Then, we present a set of common themes that expand the understanding of this role and finally we provide practical recommendations that would facilitate the management of these professionals within organizations.