Risk
12/17/2013
07:36 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

(ISC)2 Delivers Recommendations For Solving The U.S. Government Cyber Security Skills Gap Challenge

CISO-level executives from federal agencies and departments met in an effort to gain greater understanding of the underlying challenge facing the federal environment

Clearwater, FL., U.S.A., December 17, 2013 - (ISC)²® ("ISC-squared"), the world's largest information security professional body and administrators of the CISSP®, today announced a series of recommendations for the U.S. government to consider in order to more effectively solve the cyber security workforce skills gap challenge. The recommendations were delivered early this month directly to government officials at the White House, U.S. Department of Homeland Security, U.S. Department of Defense, and National Institute of Standards and Technology, as well as members of academia and other influencers within the federal workforce community.

As supported by data from the 2013 (ISC)2 Global Information Security Workforce Study, the known gap between the supply and demand for qualified information security professionals around the world has become acute. Over half of U.S. government survey respondents said the greatest reason their agency has too few information security workers is because business conditions can't support additional personnel at this time. Yet, other experts around the world claim the problem of the skills gap lies primarily with the difficulty in finding qualified personnel and funding challenges.

During the 10th anniversary gathering of (ISC)2's U.S. Government Advisory Board for Cyber Security (GABCS), (ISC)2 officials led a discussion with former and current board members representing CISO-level executives from federal agencies and departments in an effort to gain greater understanding of the underlying challenge facing the federal environment. As a result, (ISC)2 developed a series of recommendations that address the following topics:

· ensuring security in the cloud, software, and the supply chain;

· establishing a cyber "special forces" team;

· aligning existing workforce programs such as the Scholarship for Service (SFS) and Centers for Academic Excellence (CAE) programs to the NICE Framework;

· implementing the DoD 8570.01-M model across all government agencies;

· assigning accountability for information security failures to mission and business owners, and recognizing successes, among other recommendations.

"Based on our research, 61% of U.S. government information security professionals believe that their agency has too few information security workers to manage threats now, let alone in the future. Yet, information security positions are going unfilled," says W. Hord Tipton, CISSP, executive director of (ISC)2 and former CIO of the U.S. Department of Interior. "Our goal in delivering these recommendations to key influencers is to help the U.S. government close the workforce skills gap and to strengthen information security via avenues such as existing frameworks, the acquisition process, and personal accountability, among others."

For a copy of the letter sent to members of the U.S. government information security community that includes a complete list of (ISC)2's recommendations, please visit https://www.isc2.org/government.aspx.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: LOL.
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-3154
Published: 2014-04-17
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file conte...

CVE-2013-2143
Published: 2014-04-17
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.

CVE-2014-0036
Published: 2014-04-17
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.

CVE-2014-0054
Published: 2014-04-17
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External ...

CVE-2014-0071
Published: 2014-04-17
PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.

Best of the Web