Security in Today s Insecure World for SecureTokyo

Similar documents
Which Side Are You On?

ITU CBS. Digital Security Capacity Building: Role of the University GLOBAL ICT CAPACITY BUILDING SYMPOSIUM SANTO DOMINGO 2018

แนวทางการพ ฒนา Information Security Professional ในประเทศไทย

SOC Summit June 6, Strengthening Capacity in Cyber Talent sans.org/cybertalent

Cybersecurity Job Seekers

Opening Doors to Cyber and Homeland Security Careers

Defense Security Service. Strategic Plan Addendum, April Our Agency, Our Mission, Our Responsibility

U.S. Department of Homeland Security Office of Cybersecurity & Communications

State of the Cyber Training Market January 2018

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017

UK Gender Pay Gap Report 2018

Training + Information Sharing: Pillars of enhancing cybersecurity posture

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

THE POWER OF TECH-SAVVY BOARDS:

Understanding Cybersecurity Talent Needs Findings From Surveys of Business Executives and College Presidents

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure:

Security in India: Enabling a New Connected Era

Personnel Certification

UAE National Space Policy Agenda Item 11; LSC April By: Space Policy and Regulations Directory

POSITION DESCRIPTION

Introducing Maryville University s CYBER SECURITY ONLINE PROGRAMS. Bachelor of Science in Cyber Security & Master of Science in Cyber Security

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

5G Security. Jason Boswell. Drew Morin. Chris White. Head of Security, IT, and Cloud Ericsson North America

Section One of the Order: The Cybersecurity of Federal Networks.

CYBERSECURITY AND THE MIDDLE MARKET

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

Training and Certifying Security Testers Beyond Penetration Testing

Mapping to the National Broadband Plan

Media Kit. California Cybersecurity Institute

SECURING THE DIGITAL ECONOMY. Reinventing the Internet for Trust

Cybersecurity. Securely enabling transformation and change

IBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation

Cybersecurity Risk Management:

ISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard

CISCO NETWORKING ACADEMY CASE STUDY

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Security and Privacy Governance Program Guidelines

CYBERSECURITY RESILIENCE

National Initiative for Cyber Education (NICE) and the Cybersecurity Workforce Framework: Attract and Retain the Best in InfoSec.

Cyber Security Roadmap

GLOBAL PKI TRENDS STUDY

Advanced Technology Academic Research Council Federal CISO Summit. Ms. Thérèse Firmin

Pedal to the Metal: Mitigating New Threats Faster with Rapid Intel and Automation

CERTIFIED IN THE GOVERNANCE OF ENTERPRISE IT CGEIT AFFIRM YOUR STRATEGIC VALUE AND CAREER SUCCESS

State of South Carolina Interim Security Assessment

Mitigating Risk with Ongoing Cybersecurity Risk Assessment. Scott Moser CISO Caesars Entertainment

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Building the Cybersecurity Workforce. November 2017

The Deloitte-NASCIO Cybersecurity Study Insights from

T87 - Building a Stronger Business with a Connected Workforce

CLOSING IN FEDERAL ENDPOINT SECURITY

Why the Security Workforce Needs More Women and Men

Rocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency

IT Modernization In Brief

ISACA GEEK WEEK SECURITY MANAGEMENT TO ENTERPRISE RISK MANAGEMENT USING THE ISO FRAMEWORK AUGUST 19, 2015

Fiscal year 2017: TÜV Rheinland continues growth strategy with investments in future-oriented topics

Department of Management Services REQUEST FOR INFORMATION

CALIFORNIA CYBERSECURITY TASK FORCE

Hearing Voices: The Cybersecurity Pro s View of the Profession

NCSF Foundation Certification

EC-Council Certified Incident Handler v2. Prepare to Handle and Respond to Security Incidents EC-COUNCIL CERTIFIED INCIDENT HANDLER 1

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

The Quest for Independence - Information Security Management Pyramid. Mikhail Utin, CISSP, PhD, Daniil Utin, MS and Rubos, Inc.

GEORGIA CYBERSECURITY WORKFORCE ACADEMY. NASCIO 2018 State IT Recognition Awards

ITIL Intermediate Service Design (SD) Certification Boot Camp - Brochure

EUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE

Current skills gap for capable CTI analysts: Training for forensics & analysis

PROMOTING THE ICT SECTOR The Importance of Internationally Comparable Data

The Widening Talent Gap: The greatest security challenge of our time

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

Strengthening Capacity in Cyber Talent sans.org/cybertalent

Building a Resilient Security Posture for Effective Breach Prevention

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

Why you should adopt the NIST Cybersecurity Framework

Sales Presentation Case 2018 Dell EMC

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

Research Infrastructures and Horizon 2020

Collaboration on Cybersecurity program between California University and Shippensburg University

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Position Description. Engagement Manager UNCLASSIFIED. Outreach & Engagement Information Assurance and Cyber Security Directorate.

Implementation Strategy for Cybersecurity Workshop ITU 2016

ITIL Intermediate Continual Service Improvement (CSI) Certification Boot Camp - Brochure

Thinking cities. Khalil Laaboudi. Smart & Sustainable Cities. Global Marketing

BECOME TOMORROW S LEADER, TODAY. SEE WHAT S NEXT, NOW

Solutions Technology, Inc. (STI) Corporate Capability Brief

EMPOWER PEOPLE IMPROVE LIVES INSPIRE SUCCESS

A Global Look at IT Audit Best Practices

POSITION DESCRIPTION

SAN JOSÉ FIRE DEPARTMENT. Strategic Planning

CYBER INTELLIGENCE ASIA Combating Cybercrimes across the region Conference & Exhibition 20 th 22 nd March 2018 Singapore

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

Cyber Security in Smart Commercial Buildings 2017 to 2021

ASSEMBLY, No STATE OF NEW JERSEY. 217th LEGISLATURE INTRODUCED FEBRUARY 4, 2016

A Controls Factory Approach To Operationalizing a Cyber Security Program Based on the NIST Cybersecurity Framework

Provisional Translation

Cyber Security in Timothy Brown Dell Fellow and CTO Dell Security

Cyber Security and Cyber Fraud

Transcription:

Security in Today s Insecure World for SecureTokyo David Shearer (ISC) 2 Chief Executive Officer dshearer@isc2.org www.isc2.org

I m Influenced by a Mission Driven Background U.S. Maritime Transportation System Security Search and Rescue U.S. Maritime Law Enforcement International Intellectual Property Protection Canadian, European, Japanese Patent Office Collaboration and the World Intellectual Property Organization Federal lands law enforcement Wildland fire fighting Bureaus covering oil and gas, geological science, dams and critical infrastructure, etc. Food safety Wildland fire fighting Agricultural research, land sciences

Dave, some days at the office

Maybe this is a closer resemblance

Below the Cybersecurity Waterline? there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns the ones we don't know we don't know. And if one looks throughout the history of our country and other free countries, it is the latter category that tend to be the difficult ones. Source: Former U.S. Secretary of Defense Rumsfeld Speech: https://en.wikipedia.org/wiki/there_are_known_knowns

Workforce Skills and Capacity Issues We have an aging global cybersecurity workforce. Less than 6% of the 13,930 respondents to the 2015 (ISC)² Global Information Security Workforce Study (GISWS) are below the age of 30. Lack of qualified candidates is exacerbating an already stressed workforce. Without adequate staffing levels, the workforce is often addressing day-to-day incidents without work cycles to address cybersecurity programmatically. 6

Key Known, Knowns We face a global cybersecurity challenge that requires a well-orchestrated and sustained global response. The challenge cannot be solved locally based on our interconnectedness. Trying to go it on your own will no longer suffice. Information sharing about attacks is increasingly important among private-to-private, private-to-public and public-topublic sectors. Globalization means systemic failures have a ripple effect across business sectors and countries. 7

Additional Key Known, Knowns Organizations are frequently inherently challenged to execute against core strategies. If cybersecurity is not seen as a core corporate strategy, there s limited chance for success. Organizational structure and culture can contribute or hinder the cybersecurity program. 8

Additional Key Known, Knowns Workforce studies and other types of research can help the private and public sectors enhance security posture strategies. Identify trends. Identify future challenges and proactively seek mitigation strategies. Assess what other industries are doing to gauge global risks. Look for cross-sector collaboration opportunities. 9

Center for Cyber Safety and Education Growth of Respondent Pool 2011 = 10,413 Respondents 2013 = 12,393 Respondents 2015 = 13,930 Respondents 11,208 Members 2,722 Non-members https://www.isc2cares.org/industryresearch/gisws/ 10

0 2% 3% 4% 2% 1% 5% 4% 1% 17% 26% 29% 27% 22% 25% 31% 31% 40% 44% 58% 55% 62% 60% 58% 59% 67% 64% Number of Security Workers Enough? A majority from APAC countries, including Japan, indicate that there are too few security workers in their organization. Worldwide APAC Australia China Hong Kong India Japan Singapore South Korea Too many The right number Too few Base: Filtered respondents (n=7,985) 11

6% 10% 4% 16% 6% 19% 4% 8% 5% 27% 9% 19% 2% 13% 7% 17% 7% 6% 33% 50% 39% 39% 38% 35% 31% 38% 16% 43% 21% 41% 32% 27% 53% 67% 53% 62% Age The global average age within the profession is 42 we need to attract more young entrants to the profession. Japan professionals are relatively older than their counterparts in APAC. Worldwide APAC Australia China Hong Kong India Japan Singapore South Korea Under 30 years of age 30 to 39 years of age 40 to 49 years of age 50 years of age or older Base: All 2015 worldwide respondents (n=13,930) 12

45% 43% 47% 25% 47% 45% 35% 38% 45% 45% 44% 46% 41% 34% 42% 49% 59% 22% 43% 39% 38% 49% 38% 36% 33% 42% 49% 24% 28% 27% 29% 14% 28% 31% 39% 22% 31% 34% 29% 33% 29% 44% 36% 43% 20% Reasons for Worker Shortage Most often, businesses cannot support additional personnel, leadership has insufficient understanding or report that it is difficult to find qualified personnel. Worldwide APAC Australia China Hong Kong India Japan Singapore South Korea Business conditions can't support additional personnel at this time It is difficult to find the qualified personnel we require Leadership in our organization has insufficient understanding of the requirement for information security It is difficult to retain security workers There is no clear career path for information security workers Base: Filtered respondents (n=4,969) 13

Combined (ISC) 2 Members and Non-Members Country Profile Japan Gender Composition of Workforce 95% male and 5% female Education 53% have degrees and an additional 37% have advanced degrees Average Salary US$85,800/ year Average Years of Experience 13 Management Responsibility 24% have mostly security consulting responsibilities and 17 % have mostly architectural responsibilities Reporting Structure 20% report to IT Department and 20% to Executive Management 14

Combined (ISC) 2 Members and Non-Members Global vs Japan Organizational Size Number of Employees (Global) Number of Employees (Japan) 25% 15% 43% 50% 15% 16% 16% 1 to 499 employees 500-2,499 employees 2,500-9,999 employees 10,000 or more 20% One to 499 employees 500 to 2,499 employees 2,500 to 9,999 employees 10,000 employees or more Base: All member and non-member respondents (n=10413). 15

Combined (ISC) 2 Members and Non-Members Global vs Japan Organizational Revenue Annual Revenue (Global) 16% Annual Revenue (Japan) 14% 43% 11% 37% 14% 15% 19% 15% 16% Less than $50 million $50 to less than $500 million $500 million to less than $10 billion $10 billion or more Unable to provide Less than $50 million $50 to less than $500 million $500 million to less than $10 billion $10 billion or more Unable to provide 16

Combined (ISC) 2 Members and Non-Members Country Profile Japan Require Security Certifications Top Demands for Training Cloud computing 58% 8% 27% Incidence response Bring-your-own-device (BYOD) 51% 46% Yes No Don't Know Mobile device management Information risk management 40% 33% End-user security awareness 28% Forensics 26% 64% Security management 26% 17

How to tackle the workforce shortage? - Encourage new entrants - Clearer career path for CISO 18

19 What (ISC)² has done to tackle the shortage? Associate Program of (ISC)² Allows those just starting out in the information security workforce to demonstrate their competence in the field. Associates have passed a rigorous (ISC)² certification exam, proving their cybersecurity knowledge, and maintaining their continuing professional education (CPE) requirements while working toward completing the experience requirements to become fully certified as a (ISC)² Member --CISSP, SSCP or CCSP, etc. (ISC) 2 Center for Cyber Safety and Education Scholarship Program to invest in the education of future cybersecurity professionals with the goal of helping to fill the cybersecurity professional pipeline of tomorrow. Introduction of International Academic Program (IAP) (previously known as GAP) 19

U.S. Experience: Cybersecurity National Action Plan (CNAP)» Announced in Feb 2016 by President Obama Call to increase federal cybersecurity spending by 35% to modernize IT and address skills shortage, IoT US$4 trillion budget bill to the Congress -- US$62 million in cybersecurity personnel» Creation of a Federal Chief Information Security Officer (CISO) To drive cybersecurity policy, planning, and implementation across the federal government The position reports to the administrator of the Office of E- Government and Information Technology. The advertised annual salary range is US$123,175 to $185,100

CNAP (continued)» (ISC) 2 and KPMG survey federal cybersecurity executives on the state of cybersecurity in the federal government The 2016 State of Cybersecurity from the Federal Cyber Executive Perspective to be released in May 2016

Singapore Experience: National Infocomm Competency Framework (NICF)» The National Infocomm Competency Framework (NICF) developed by Infocomm Development Authority of Singapore (ida) and Singapore Workforce Development Agency (WDA)» The NICF Overview Map is a snapshot of the Infocomm sector» Serves as a reference for career progression and corresponding training pathways leading to NICF qualifications» Similar to U.S. DoD 8140 model

Job description of a CISO Contribute to the development of a strategy plan Select new technology models for business Develop a budget Develop strategic and action plans Align the IT needs with the strategic direction of the enterprise Identify and implement business innovation Maximise business value of IT investments Review and plan for risk to business solution providers Implement change management process Determine appropriate IT strategies and solutions Manage project costs Manage project risk Direct projects Manage stakeholders for project success Understand and apply compliance standards Develop business case that support information security program investments Formulate information security goals and objectives Manage overall information security risk Source: National Infocomm Competency Framework (NICF), IDA, Singapore 23

Infocomm Security Career Path proposed by NICF

(ISC)² Credentials

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback