Clearwater, FL., U.S.A., December 17, 2013 - (ISC)²® ("ISC-squared"), the world's largest information security professional body and administrators of the CISSP®, today announced a series of recommendations for the U.S. government to consider in order to more effectively solve the cyber security workforce skills gap challenge. The recommendations were delivered early this month directly to government officials at the White House, U.S. Department of Homeland Security, U.S. Department of Defense, and National Institute of Standards and Technology, as well as members of academia and other influencers within the federal workforce community.
As supported by data from the 2013 (ISC)2 Global Information Security Workforce Study, the known gap between the supply and demand for qualified information security professionals around the world has become acute. Over half of U.S. government survey respondents said the greatest reason their agency has too few information security workers is because business conditions can't support additional personnel at this time. Yet, other experts around the world claim the problem of the skills gap lies primarily with the difficulty in finding qualified personnel and funding challenges.
During the 10th anniversary gathering of (ISC)2's U.S. Government Advisory Board for Cyber Security (GABCS), (ISC)2 officials led a discussion with former and current board members representing CISO-level executives from federal agencies and departments in an effort to gain greater understanding of the underlying challenge facing the federal environment. As a result, (ISC)2 developed a series of recommendations that address the following topics:
· ensuring security in the cloud, software, and the supply chain;
· establishing a cyber "special forces" team;
· aligning existing workforce programs such as the Scholarship for Service (SFS) and Centers for Academic Excellence (CAE) programs to the NICE Framework;
· implementing the DoD 8570.01-M model across all government agencies;
· assigning accountability for information security failures to mission and business owners, and recognizing successes, among other recommendations.
"Based on our research, 61% of U.S. government information security professionals believe that their agency has too few information security workers to manage threats now, let alone in the future. Yet, information security positions are going unfilled," says W. Hord Tipton, CISSP, executive director of (ISC)2 and former CIO of the U.S. Department of Interior. "Our goal in delivering these recommendations to key influencers is to help the U.S. government close the workforce skills gap and to strengthen information security via avenues such as existing frameworks, the acquisition process, and personal accountability, among others."
For a copy of the letter sent to members of the U.S. government information security community that includes a complete list of (ISC)2's recommendations, please visit https://www.isc2.org/government.aspx.