http://www3.gartner.com/DisplayDocument?doc_cd=105807

Industry Must Act to Avoid Shortage of IT Security Workers
8 April 2002
Vic Wheatman

IT security depends on good trained workers. Since neither the U.S. government nor academic institutions fill the need for adequate IT security training and workers, enterprises must take action.

----------------------------------------------------------------------

Event

Recently, universities awarded the first 100 scholarships to graduate students to study information security under a program overseen by the U.S. National Science Foundation (NSF). Upon graduation with a master of science degree, students will work for a federal agency for at least two years.

First Take

Enterprises must make greater efforts to supply themselves with IT security workers because the few university programs available are too small to make a noticeable difference in the short term.

IT security depends on good workers much more than on good technology. Software will always have bugs. Intrusion detection requires people to watch for flags. Vulnerabilities will occur in even the most carefully designed systems. The best security strategy does not involve plugging holes but developing sound policies and procedures and then educating the workforce about them. In short, enterprises must strengthen their IT security teams to manage the problem.

However, neither the government nor academic institutions fill the need for IT security workers. The NSF program is very small - only six universities participate so far. Very few universities offer a concentration in information security or security management. Indeed, in most universities, security does not form part of the core computer science or management of technology curriculum but is tacked on or neglected altogether. Government and industry need workers with a strong academic background in computer forensics, information and network security, and the management of such technologies.

However, enterprises must do more to supply the worker shortfall. Many enterprises only allow some staff to go to a conference or training course occasionally. To accelerate the graduation of students with IT security skills, enterprises should strengthen academic security programs by doing the following:

* Lobbying for academic IT security programs and sending people to them
* Creating internships for students that lead to full-time employment in IT security
* Partnering with academic institutions to develop innovative IT security curricula

Analytical Sources: Vic Wheatman and Ray Wagner, Information Security Strategies

Need to Know: Reference Material and Recommended Reading

* "Managing the Dynamic IT Skills Portfolio" (R-13-5613). Best-in-class enterprises have learned that they must anticipate their need for IT skills, determine the best way to "source" those skills, create techniques to develop skills and regularly reassess how their skills portfolio might change in the future. By Barbara Gomolski, Cassio Dreyfuss, Susan Dallas, Joseph Feiman, Diane Tunick Morello, Roberta Witty, Colleen Young, Simon Mingay, Nick Jones and Richard Matlus

* "U.S. Government Report Shows Money Alone Cannot Buy Security" (FT-15-5755). As its first priority, the government should find ways to allocate the current level of funding more efficiently. By John Pescatore