Provide a high level overview of the state of the cybersecurity workforce specif
ID: 128257 • Letter: P
Question
Provide a high-level overview of the state of the cybersecurity workforce specifically within the healthcare industry. Identify the five knowledge domain and expertise areas that are relevant to cybersecurity and healthcare. In brief, how can the health care sector develop, recruit, and retain cybersecurity talent? *please answer all parts of the question and provide all the websites that you used!*
Explanation / Answer
1.a. Cyber security, also known as IT security, is the protection of computer systems from the theft and damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.
Cyber security includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection. Also, due to malpractice by operators, whether intentional or accidental, IT security is susceptible to being tricked into deviating from secure procedures through various methods.
The field is of growing importance due to the increasing reliance on computer systems and the Internet, wireless networks such as Bluetooth and Wi-Fi, the growth of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things. The more we start to rely on these "smart" devices, the more careful we need to be with security measures.
Ensuring cybersecurity requires coordinated efforts throughout an information system. Elements of cybersecurity include:
· Application security
· Information security
· Network security
· Disaster recovery / business continuity planning
· Operational security
· End-user education
One of the most problematic elements of cyber security is the quickly and constantly evolving nature of security risks. The traditional approach has been to focus most resources on the most crucial system components and protect against the biggest known threats, which necessitated leaving some less important system components undefended and some less dangerous risks not protected against. Such an approach is insufficient in the current environment.
Although the healthcare industry is working toward modernizing its IT systems and building security, the failures carry very high risk since the information these organizations hold is often the most private. “What we consistently encountered was a strategic pitfall in cybersecurity environment,” Cyber security task force.
To combat this, the task force identified six key imperatives: Define and streamline leadership, governance and expectations for healthcare cyber security; improve medical device and health IT security and resilience; develop the necessary healthcare workforce capacity to prioritize and ensure cyber security awareness and technical capabilities; increase industry readiness with better cyber security awareness and education; identify mechanisms to protect research and development efforts and intellectual property from attacks and exposures; and improve data sharing of industry threats, risks and mitigation.
Specifically, healthcare staffing issues have become so dire that three out of four hospitals don’t have a designated security person and have been forced to get creative with security needs.
In 2015, the healthcare industry experienced more breaches stemming from cyber attacks than any other industry, the report found. And the rise of ransomware in 2016 has only compounded the issue.
Adding to these risks is the flawed perception of small organizations that only large hospitals are being targeted by cybercriminals, and the task force found this is not the case. In fact, all healthcare organizations, no matter the size, are being targeted due to the value and sensitivity of healthcare data.
“Given the interconnectivity and diversity within the sector, the interdependency of subsectors on one another, and the disparity between organizations’ ability to address cyber security issues, healthcare as a whole will only be as secure as the weakest link,” they said.
The report -- compiled by 21 cyber security experts -- contains over 100 recommendations in response to these imperatives that will bolster cyber security in the healthcare industry. Included in those recommendations is a call for a healthcare-specific cyber security framework.
The report also called for the HHS Secretary to name and resource a cyber security leader for sector engagement, who would work with federal, state and industry partners. The leader would create a plan to establish cyber security priorities, report to other federal agencies and coordinate with the U.S. and international intelligence agencies to bolster the Vulnerability Equities Process.
1.b. Five knowledge domain and expertise areas that are relevant to cybersecurity and healthcare
1. Microsoft Technology Associate (MTA) Security Fundamentals
The MTA Security Fundamentals is the most "entry-level" in the bunch. Aimed at high school and early college students, as well as those in the workforce who are looking to change careers, the MTA Security Fundamentals recognizes knowledge of core security principles as well as the basics of operating system, network and software security.
To improve your chances of achieving the MTA Security Fundamentals certification, Microsoft recommends that you have some hands-on experience with Windows Server, Windows-based networking, firewalls and other common security products.
2. ISACA CSX Cybersecurity Fundamentals Certificate
The CSX Cybersecurity Fundamentals Certificate is relatively new to the ISACA certification program and was designed to fill the entry-level niche. Geared toward recent post-secondary graduates and those seeking career changes, this certificate covers five cybersecurity-related domains: concepts; architecture principles; network, system, application and data security; incident response; and security of evolving technology.
3. CompTIA Security+
Perhaps the most well-known entry-level security certification is the Security+, which covers a wide array of security and information assurance topics, including network security, threats and vulnerabilities, access controls, cryptography, risk management principles, and application, host and data security. The certification meets U.S. Department of Defense Directive 8570.01-M requirements (an important item for anyone looking to work in IT security for the federal government) and complies with the Federal Information Security Management Act (FISMA).
CompTIA recommends that candidates have two years of relevant experience and achieve the Network+ credential. The Security+ leads to such jobs as security administrator, security specialist and network administrator, among others.
4. GIAC Information Security Fundamentals (GISF)
GIAC gears the GISF toward system administrators, managers and information security officers who need a solid overview of information assurance principles, defense-in-depth techniques, risk management, security policies, and business continuity and disaster recovery plans.
After achieving the GISF, consider pursuing the GIAC Security Essentials (GSEC), an intermediate-level certification that takes a big step beyond foundational information security concepts.
5. (ISC)2 Systems Security Certified Practitioner (SSCP)
The (ISC)2 Certified Information Systems Security Professional (CISSP) is probably the most recognizable and popular security certification today. But (ISC)2 offers several security-related certifications, with the ANSI-accredited SSCP filling the entry-level slot. The SSCP prepares you for such jobs as systems security analyst, network security engineer and security administrator, which typically start at the junior level if you don't already have technical or engineering-related information technology experience.
The SSCP includes seven common body of knowledge (CBK) domains: (1) Access Controls, (2) Security Operations and Administration, (3) Risk Identification, Monitoring, and Analysis, (4) Incident Response and Recovery, (5) Cryptography, (6) Network and Communications Security, and (7) Systems and Application Security.
1.c. Develop, recruit, and retain cybersecurity talent
1. Create and maintain an active social presence
2. Engage young and entry-level talent
3. Consider not requiring a bachelor's degree
4. Highlight your company's projects, tools & technologies
5. Be a thought leader
6. Don't rely on salary alone
7. Interact within the cyber security community on their terms
8. Be patient and get creative
9. Retain staff and help create a positive working environment
10. Employee engagement
11. Stay Interviews
12. Employee motivation and morale
13. Integrate values such as integrity, empowerment, perseverance, equality, discipline and accountability
14. Create a culture
Reference:
http://whatis.techtarget.com/definition/cybersecurity
resources.infosecinstitute.com/cybersecurity-in-the-healthcare-industry
www.healthcareitnews.com/.../hhs-task-force-says-healthcare-cybersecurity-critical-co
https://www.businessnewsdaily.com/9661-cybersecurity-certifications.html
https://www.cio.com/article/.../careers.../8-tips-for-recruiting-cybersecurity-talent.html