http://www.govinfosecurity.com/articles.php?art_id=4285 By Eric Chabrow Executive Editor GovInfoSecurity.com November 30, 2011 The lack of government-wide definitions for information security occupations means the agencies with the largest IT budgets don't know how many cybersecurity experts they employ. That's one finding in a Government Accountability Office report released Tuesday that details how eight surveyed agencies have taken varied steps to implement workforce planning for IT security personnel. The report, entitled Cybersecurity Human Capital: Initiatives Need Better Planning and Coordination, also revealed: * All surveyed agencies had defined roles and responsibilities for their cybersecurity workforce, but these roles did not always align with guidelines issued by the federal Chief Information Officers Council and National Institute of Standards and Technology. * Some agencies had few problems recruiting qualified IT security personnel while others had a hard time hiring infosec experts. One department, Veterans Affairs, said it can find qualified personnel, but once they've been trained, they leave for higher paying jobs, often with government contractors. * Most agencies employed some form of incentives to support their IT security workforce, but none of the eight agencies had metrics to measure the effectiveness of those inducements. * The robustness and availability of cybersecurity training and development programs varied significantly among the agencies. For example, the departments of Commerce and Defense required cybersecurity personnel to obtain certifications and fulfill continuing education requirements. Other agencies used an informal or ad hoc approach to identifying required training. [...] _____________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isnReceived on Wed Nov 30 2011 - 01:37:43 PST
This archive was generated by hypermail 2.2.0 : Wed Nov 30 2011 - 01:42:30 PST