Sergey Nivens - Fotolia
IT security certification body (ISC)2 has published accreditation criteria for teaching cyber security to more than 20,000 UK undergraduates a year from September 2015.
The UK’s first higher education leaning guidelines for undergraduate computing degrees will now form part of the accreditation criteria referenced by BCS, the Chartered Institute for IT.
Bill Mitchell, director of education at BCS, said the guidelines will provide additional direction on cyber security elements to complement the existing information security criteria for computing-related degrees accredited by the BCS.
The guidelines will transform UK computing degree courses by ensuring that cyber security is taught in almost every computing degree at 100 universities across the UK.
The new-look degree courses are a key initiative in the government’s National Cyber Security Strategy to address the growing cyber security skills shortage.
Embedding cyber security principles
Cabinet Office minister Matthew Hancock said the UK can maintain its world-class cyber security sector only if there are enough skilled professionals.
“Initiatives such as this are excellent examples of encouraging the best young people to consider careers in cyber security,” Hancock said.
The guidelines will help universities embed and enhance relevant cyber security principles, concepts and learning outcomes in their curricula at all levels.
This aims to ensure students are taught a broad spectrum of cyber security concepts, from threats and attacks to good governance and designing secure systems and products based on up-to-date industry expertise.
The guidelines also include core concepts such as information and risk, security architecture and operations, and cyber security management.
Read more about the information security skills gap
- Harnessing existing expertise could address the demand for competence in countering cyber security threats.
- IT has an ongoing problematic shortage of enterprise cyber security skills.
- ISACA launches Cybersecurity Nexus programme to help address the security skills shortage.
- E-skills and UK security employers offer route into cyber security for the young and talented.
The UK university guidelines seek to bring computing degrees into closer alignment with industry requirements. It is hoped universities will provide graduates with the understanding and knowledge of cyber security necessary to building the IT infrastructure to support the UK economy.
“This marks a significant shift in teaching security in higher education; cyber security is now recognised as integral to every relevant computing discipline, from computer game development to network engineering,” said Carsten Maple, professor of cyber systems engineering at the University of Warwick and vice-chair of the CPHC.
“Previously, cyber security was treated as a separate discipline to computing, with students taught how to create applications or develop systems and technology – but not how to secure them; leading to proliferation of systems with built-in vulnerabilities,” he said.
Fixing UK security skills shortage
Maple said the guidelines provide a practical and accessible way of incorporating cyber security into university curricula and moving the discipline forward.
The UK has long been affected by both a cyber security talent shortage and a mismatch between the capabilities of computing graduates and the requirements of industry, said Adrian Davis, European managing director of (ISC)2.
“These compounding issues have ultimately been compromising our ability to both build and defend the digital economy and UK plc,” he said.
The UK is now among the first nations in the world to ensure cyber security will be embedded throughout every relevant computing degree, said Davis.
“Crucially, the most up-to-date skills will be taught as the framework is built and maintained with the input of front-line information and cyber security professionals. UK graduates entering the workforce will be able to immediately put their skills to use,” he said.
(ISC)2’s latest Global Information Security Workforce Survey found 62% of UK organisations have too few cyber security workers; and 20% of UK respondents admitted they would take over eight days to rectify a security breach.
The survey forecasts a 1.5 million global shortfall of information security professionals by 2020, which means organisations are increasingly struggling to manage threats, avoid errors and are taking longer to recover from cyber attacks,