The National Academies Press

Currently Skimming:

1 Cybersecurity, the Cybersecurity Workforce, and Its Development and Professionalization
Pages 5-13

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 5... ... Cybersecurity involves the articulation and enforcement of security policies for information and communications systems and the implementation of associated technical solutions, mechanisms, and programs. These policies protect various desirable attributes of a system -- for example, confidentiality, possession or control, integrity, authenticity, availability, and tility.1 Privacy is closely associated with u security; for example, confidentiality is required to protect information from unwanted disclosure. Read the entire page →
From page 6... ... Although many of the fundamental cybersecurity challenges have endured over time, the underlying information and communications technologies and their applications continue to change rapidly. For example, recent years have seen the rapid adoption of smart phones and tablets by consumers and employers and the associated phenomenon of "bring your own device," which has rapidly infused mobile devices into the workplace. Read the entire page →
From page 7... ... 7 National Initiative for Cybersecurity Education, Department of Homeland Security and Federal CIO Council, 2012 Information Technology Workforce Assessment for Cybersecurity Summary Report, Washington, D.C., 2013. Read the entire page →
From page 8... ... 8 and nearly 90,000 local governments and public school systems9 in the United States. Not all necessarily have full-time cybersecurity workers, but all must have someone responsible for that organization's cybersecurity, at least to make decisions about which information technology and cybersecurity products and services to acquire. Read the entire page →
From page 9... ... Another complication in measuring supply and demand is that the job categories used in the collection of statistics by the Department of Labor are not always well aligned with the occupation of interest. For example, as noted above, the "information security analysts" category does not necessarily include everyone who is a cybersecurity worker, and there may be cybersecurity workers who do not neatly fit into a single category. Read the entire page →
From page 10... ... For example, the cybersecurity capabilities of employers vary considerably and include the following: • Employers with large, specialized cybersecurity operations that have built up a cadre of highly skilled, extensively trained specialists who work together on the most complex cybersecurity problems. Such organizations are characterized by willingness and ability to make the necessary invest 11 National Research Council, Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop, The National Academies Press, Washington, D.C., 2010. Read the entire page →
From page 11... ... Because attacks can cross international borders, cybersecurity work sometimes has an international dimension. Cybersecurity work may involve coordinating activities in multiple countries and thus require the ability to work with international counterparts from both the private sector and other governments and the knowledge and skills to properly c omply with rules and policies that can differ by jurisdiction. Read the entire page →
From page 12... ... For example, the Bureau of Labor Statistics estimates a faster-than-average growth rate in employment for the decade 2010 to 2020 of "information security analysts," a labor category that represents a significant subset of the cybersecurity workforce.15 In a 2012 survey of information security professionals, more than half reported that their organizations had too few information security workers.16 There are a number of factors that could increase or decrease the needed capacity in particular areas or affect the needed workforce capabilities, including the following: • How the cybersecurity challenge will evolve as new technologies and threats emerge and old threats evolve, and what the resulting workforce requirements will be. At least historically, new technologies have been deployed without sufficient attention to the security implications, and bad actors have found ways to exploit the resulting vulnerabilities. Read the entire page →
From page 13... ... For example, better software design and development from a security perspective would result in fewer vulnerabilities to be exploited (and thus potentially require fewer people to detect, patch, and respond) , better tools and techniques for cybersecurity might reduce the number of workers needed in certain roles and change the skills needed for others, more robust law enforcement action might reduce the incidence of certain forms of cybercrime, better training and understanding of security among system administrators would enable them to better "harden" systems, and better training of the workers that operate systems would help them avoid actions that undermine security. Read the entire page →

From page 5...

... Cybersecurity involves the articulation and enforcement of security policies for information and communications systems and the implementation of associated technical solutions, mechanisms, and programs. These policies protect various desirable attributes of a system -- for example, confidentiality, possession or control, integrity, authenticity, availability, and tility.1 Privacy is closely associated with u security; for example, confidentiality is required to protect information from unwanted disclosure.

Read the entire page →

From page 6...

... Although many of the fundamental cybersecurity challenges have endured over time, the underlying information and communications technologies and their applications continue to change rapidly. For example, recent years have seen the rapid adoption of smart phones and tablets by consumers and employers and the associated phenomenon of "bring your own device," which has rapidly infused mobile devices into the workplace.

Read the entire page →

From page 7...

... 7 National Initiative for Cybersecurity Education, Department of Homeland Security and Federal CIO Council, 2012 Information Technology Workforce Assessment for Cybersecurity Summary Report, Washington, D.C., 2013.

Read the entire page →

From page 8...

... 8 and nearly 90,000 local governments and public school systems9 in the United States. Not all necessarily have full-time cybersecurity workers, but all must have someone responsible for that organization's cybersecurity, at least to make decisions about which information technology and cybersecurity products and services to acquire.

Read the entire page →

From page 9...

... Another complication in measuring supply and demand is that the job categories used in the collection of statistics by the Department of Labor are not always well aligned with the occupation of interest. For example, as noted above, the "information security analysts" category does not necessarily include everyone who is a cybersecurity worker, and there may be cybersecurity workers who do not neatly fit into a single category.

Read the entire page →

From page 10...

... For example, the cybersecurity capabilities of employers vary considerably and include the following: • Employers with large, specialized cybersecurity operations that have built up a cadre of highly skilled, extensively trained specialists who work together on the most complex cybersecurity problems. Such organizations are characterized by willingness and ability to make the necessary invest 11 National Research Council, Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop, The National Academies Press, Washington, D.C., 2010.

Read the entire page →

From page 11...

... Because attacks can cross international borders, cybersecurity work sometimes has an international dimension. Cybersecurity work may involve coordinating activities in multiple countries and thus require the ability to work with international counterparts from both the private sector and other governments and the knowledge and skills to properly c omply with rules and policies that can differ by jurisdiction.

Read the entire page →

From page 12...

... For example, the Bureau of Labor Statistics estimates a faster-than-average growth rate in employment for the decade 2010 to 2020 of "information security analysts," a labor category that represents a significant subset of the cybersecurity workforce.15 In a 2012 survey of information security professionals, more than half reported that their organizations had too few information security workers.16 There are a number of factors that could increase or decrease the needed capacity in particular areas or affect the needed workforce capabilities, including the following: • How the cybersecurity challenge will evolve as new technologies and threats emerge and old threats evolve, and what the resulting workforce requirements will be. At least historically, new technologies have been deployed without sufficient attention to the security implications, and bad actors have found ways to exploit the resulting vulnerabilities.

Read the entire page →

From page 13...

... For example, better software design and development from a security perspective would result in fewer vulnerabilities to be exploited (and thus potentially require fewer people to detect, patch, and respond) , better tools and techniques for cybersecurity might reduce the number of workers needed in certain roles and change the skills needed for others, more robust law enforcement action might reduce the incidence of certain forms of cybercrime, better training and understanding of security among system administrators would enable them to better "harden" systems, and better training of the workers that operate systems would help them avoid actions that undermine security.

Read the entire page →

← Previous Chapter Skim

Next Chapter Skim →

This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.

1 Cybersecurity, the Cybersecurity Workforce, and Its Development and Professionalization Pages 5-13

1 Cybersecurity, the Cybersecurity Workforce, and Its Development and Professionalization
Pages 5-13