Successfully reported this slideshow.
In a world of increasing information security threats, academic initiatives focused on cybersecurity are proliferating – yet, there is still the danger of falling short in addressing the long-term threat. To avoid becoming too focused on near-term issues, academic programs must be more collaborative across their own institutions, with industry, government and among the global academic community. Only by working in concert can we meet today’s demand while educating the next generation to create a more secure future.
© 2013 IBM CorporationCybersecurity education for the next generationAdvancing a collaborative approachApril 2013
© 2013 IBM Corporation2In a world of increasing information security threats,academic initiatives focused on cybersecurity areproliferating – yet, there is still the danger of falling shortin addressing the long-term threat.To avoid becoming too focused on near-term issues,academic programs must be more collaborative acrosstheir own institutions, with industry, government andamong the global academic community.Only by working in concert can we meet today’s demandwhile educating the next generation to create a moresecure future.
© 2013 IBM CorporationAnalysis approach3• IBM monitors over 200 cybersecurity academic programs as part of itsCyber Security Innovation program• From those 200+ institutions, we selected 15 programs in 6 differentcountries• The selections were made based on geographic location, programmaturity, and diversity of approaches• We conducted 60 minute qualitative interviews with faculty members,department chairs and others• We augmented the research with data from IBM’s 2012 Tech Trendswhich surveyed over 450 students and 250 educators from 13 countries
© 2013 IBM CorporationCybersecurity is top of mind for students, educators, industry andgovernment – there is a proliferation of programs and a very strong demandfor trained professionals Industry and government are currentlyfacing a significant skills gap There is an enormous focus from nationalgovernments The academic programs we interviewed allstated that the demand for their studentsis extremely high In the future, our interviewees envisioned:– A larger threat– Increasing demand and more programs– New skills needed and taught– More rigor and a broader scope4 SOURCES: (1) “RSA 2013: Cyber security skills shortage needs urgent attention, says DoHS”, ComputerWeekly.com, 2/26/13“The DoHS can’t findenough people to hire,and there are not enoughpeople in the pipeline toprotect companies, criticalinfrastructures andgovernments in future…Governments, businessand the IT securityindustry need to worktogether to make cybersecurity more visible andattractive as a career.”1- Mark Weatherford, Deputy Under-secretary forCybersecurity at the US Department of HomelandSecurity (DoHS)
© 2013 IBM CorporationStudents and educators see security as an important topic – they also see itas a barrier to technology adoption and feel their institutions aren’t doingenoughLess than 60% of students and educators believe their academicprograms address the creation and development of IT securitypractices for these emerging technology areasSOURCE: IBM 2012 Tech Trends5With all of the progress being made by cybersecurity academic programs, there isstill work needed to fully embed information security practices and principlesPercentage of students and educators who see securityas a top barrier to technology adoption
© 2013 IBM CorporationPrograms are expected to provide more of everything – four common trendswere identified by the educators we interviewed6
© 2013 IBM CorporationThere is a very strong demand for trained professionals which has causedprograms to face a number of challenges – straining organizational andtechnology resources7
© 2013 IBM Corporation“Similar to the observation that security must be builtinto systems from the start, security concepts also needto be covered in the computer science curriculum fromthe very beginning…this creates the challenge ofmaking room for these concepts in courses that alreadyhave plenty of material in them.”— Dr. Mustaque AhamadProfessor, College of Computing, Georgia Institute of Technology8
© 2013 IBM CorporationPrograms are addressing the challenges in different ways – taking differentapproaches to cybersecurity education, but still sharing common principles9Specializingearly &focused onapplicationFundamentalsearly &focused ontheoryFormal disciplineTheory and practiceTeach in an integrated fashionBasic principles in all programsIndependent study and studentinterest groupsGovernment and industrycollaborationStrong faculty development
© 2013 IBM CorporationThese trends, challenges, issues and differing perspectives cannot be metby each academic program on its own – a set of leading practices is needed10
© 2013 IBM CorporationCollaborate within your own institutionHolistic• Programs provide a broadspectrum of traditional andemerging technical areas• Covers security policy andmanagementInter-disciplinary• Requires an ethics course• Offers courses in policy,management, public policy,international affairs, psychology,law, and economics• Joint programs with other schoolsDiverseprograms• Most programs are focused at thegraduate level, fewer havededicated undergraduate programs• Concentrations or minors11“Interdisciplinary educationfor cybersecurity is essential.It is not only about computerscience and engineering. Weare working to bring togethermultiple programs from ouruniversity – criminology, brainsciences, statistics, ethics,healthcare, informatics,economics and risk analysis –to truly develop acomprehensive approach tosecurity thinking.”— Dr. Bhavani ThuraisinghamLouis A. Beecherl Jr. Distinguished Professor,Department of Computer Science, Executive Director ofthe Cyber Security Research and Education Institute,The University of Texas at Dallas
© 2013 IBM CorporationCo-evolve with industry and governmentHands-on• Extensive laboratory work andprojects• Special interest groups, “grey hat”clubs and hacking competitions• Students as tech support orsecurity operations for university• Mandatory internshipsBusinessfocused• Formalized processes• Industry advisory board• Business partners provide inputson curriculum design• Fellowships and scholarships• Fund research, sponsor designprojects and research centers• Send employees for training andadvanced degrees12“We take pride in our closeassociation with industry inbuilding our cybersecurityresearch and educationprograms. We can realignour research and curricularfocus based on theirexposure to the latesttrends and needs in themarket.”— Dr. Suku NairProfessor and Chair, Department of Computer Science andEngineering, Director of SMU HACNet Labs, SouthernMethodist University
© 2013 IBM CorporationConnect across the global academic communityResearchoriented• Formal research institute(s) that arecross-department• Single and multi university researchinitiatives with national governments• Students are the primary form oftechnology transferGlobalcollabor-ation• Most global collaborations aren’tformal• A need for a common languagebetween scientists, industry andpolicy makers• Need the development of afoundation for the “science ofsecurity”13“There is a significant needfor a common language ofinformation security, notwithin the technicaldiscipline, but betweengovernment, academia anddifferent industries –information securityspecialists need to beunderstood by engineers,policy makers and businessleaders, and vice versa.”— Prof. Dr. Michael WaidnerChair Professor for Security in Information Technology,Technical University of Darmstadt, Director of the FraunhoferInstitute for Secure Information Technology
© 2013 IBM CorporationRecommendations14Strive to balance the near-term requirements of industry and government whileeducating future faculty members and making investments in research12345Increase awareness and expertiseTreat security education as a global issueApproach security comprehensively, linking technical tonontechnical fieldsSeek innovative ways to fund labs and pursue real-worldprojectsAdvance a “science of security”
© 2013 IBM Corporation
© 2013 IBM CorporationFor more informationContactDavid JarvisClient Insights, Senior Consultant, IBM Center for Applied Insightshttp://www.ibm.com/ibmcai