human resources development in the field of cyber security · 2016. 9. 12. · among them has...
TRANSCRIPT
![Page 1: Human Resources Development in the Field of Cyber Security · 2016. 9. 12. · among them has necessary skills. Hence, it is necessary to organize certain education programs and trainings](https://reader036.vdocuments.us/reader036/viewer/2022071404/60f8394b708afe61d91f9553/html5/thumbnails/1.jpg)
Human Resources Development in the
Field of Cyber Security
October 2014
Masayuki KOIKE
Director, Local Informatization and Human
Resource Development Office,
Information Service Industry Division,
Commerce and Information Policy Bureau,
Ministry of Economy, Trade and Industry (METI)
![Page 2: Human Resources Development in the Field of Cyber Security · 2016. 9. 12. · among them has necessary skills. Hence, it is necessary to organize certain education programs and trainings](https://reader036.vdocuments.us/reader036/viewer/2022071404/60f8394b708afe61d91f9553/html5/thumbnails/2.jpg)
○ Many information systems in Japan are closely connected with practical business in enterprises and organizations. It is often the case that construction and operation of these information systems, including security measures, are entrusted to specialists (IT vendors).
○ In principle, engagement of personnel of enterprises- IT users with thorough knowledge on the details of their practical business is indispensable on occasion of the construction and operation of its information system with reflection on the details of practical businesses.
○ According to an estimation by the Information-technology Promotion Agency (IPA), there are around 265 thousand people working in the information security field in Japan and only 105 thousand people among them has necessary skills. Hence, it is necessary to organize certain education programs and trainings for the other 160 thousand people.
○ Besides, there are around 80 thousand human resources in potential shortage. It is an urgent challenge in light of information security policy of Japan to take necessary measures toward solution of this problem.
1
Source: New Information Security Human Resource Development Program (the
decision of Information Security Policy Meeting on May 19, 2014)
The Challenge in Cyber Security Human resources (1):
for Practical Business Players as Enterprises
![Page 3: Human Resources Development in the Field of Cyber Security · 2016. 9. 12. · among them has necessary skills. Hence, it is necessary to organize certain education programs and trainings](https://reader036.vdocuments.us/reader036/viewer/2022071404/60f8394b708afe61d91f9553/html5/thumbnails/3.jpg)
・・・applicable both in springand in autumn ・・・available in spring ・・・available in autumn
On Information Technology Engineers Examination in Japan
○Reflecting on the lack of Information Technology Engineers and the demand for establishment of Programmer certifying examination, the Information Technology Engineers Examination (ITEE) started in 1969. Now around 500 thousand examinees participate every year and it is utilized by a number of enterprises and educational institutes.
○17.53 million people applied and 2.17 million participants passed in the period of 45 years by the end of 2013 FY. The ITEE plays an important role in IT human resources development in Japan.
2
For all the business people For IT Engineers (Vender side/ User side)
Basic
kn
ow
ledge r
equ
este
d t
o
every
bu
sin
ess p
ers
on
wh
o
utiliz
es IT
IT P
assp
ort
E
xam
ination
Advan
ced
Kn
ow
ledge/
Skill
Applied knowledge/S
kill
Fundamental knowledge/S
kill
IT S
trate
gis
t E
xam
ination
Sys
tem
s A
rch
itect
Exam
ination
Pro
ject
man
ager
Exam
ination
Netw
ork
Specia
list
Exam
ination
Data
base S
pecia
list
Exam
ination
Em
bedded S
yste
ms
Sp
ecia
list
Exam
ination
Info
rmation
Secu
rity
S
pecia
list
Exam
ination
IT S
erv
ice M
an
ager
Exam
ination
Sys
tem
s A
uditor
Exam
ination
Applied Information Technology Engineer Examination (AP)
Fundamental Information Technology Engineer Examination (FE)(IP)
(ST) (SA) (PM) (NW) (DB) (ES) (SC) (SM) (AU)
・・・available all year round
![Page 4: Human Resources Development in the Field of Cyber Security · 2016. 9. 12. · among them has necessary skills. Hence, it is necessary to organize certain education programs and trainings](https://reader036.vdocuments.us/reader036/viewer/2022071404/60f8394b708afe61d91f9553/html5/thumbnails/4.jpg)
2013 FY 2012 FY 2011 FY
No. of applicants 56,452 57,944 57,243
No. of participants 36,905 39,092 37,198
No. of the successful 5,147 5,407 5,110
(% of the no. of SC
applicants to all)(12.0%) (11.9%) (9.9%)
% of pass 13.9% 13.8% 13.7%
【the statistical data of the Information Security Specialist
Examination (for the last 3 years)】
【Where located in the whole map of Information
technology Engineers Examination】
【The Targeted People】
Those who has established specialties as advanced IT engineer,
supports realization of security functions in plannig, requirements-
defining, developing, operating and maintaining information system
in accordance with information security policy, or equip information
system basis, and supports information security management as a
specialist of information security technology.
・Increase in the targeted cyber attack
・New type of unauthorized access・appearance of new type viruses
The threat of theft of secrets and stop of devices(The Threat of increase in loss of enterprises)
THREAT
Appropriate Security Management by Specialists is Necessary
Evaluation through national examination
National Examination to evaluate Security Specialists
【The scope of questions 】
○Planning, requirements-defining, development, operation and
maintenance of information security system (such as secure-
programming)
○Operation of information security (such as countermeasures
against unauthorized access)
○Information security technology (countermeasures against viruses)
○Management of development(such as Information security
management of development environment)
○Information security-related legal requirements (such as Copyright
Act, Personal Information Protection Act)
The Information Security Specialist Examination is…
3
(reference) the overview of the Information Security Specialist Examination (SC)
For All the Business people
For IT Engineer (Vender Side / User side)
Basic
kn
ow
ledge
IT P
assport
E
xam
ination
Ad
van
ced
Applied
Fundamental
ST
SA
PM
DB
ES
NW
SC
SM
AU
AP
FE
![Page 5: Human Resources Development in the Field of Cyber Security · 2016. 9. 12. · among them has necessary skills. Hence, it is necessary to organize certain education programs and trainings](https://reader036.vdocuments.us/reader036/viewer/2022071404/60f8394b708afe61d91f9553/html5/thumbnails/5.jpg)
For IT Passport Examination adopted the Computer-Based Test (CBT) for the first time as a national examination in Japan.
☑You can choose the data/time of test in accordance with your schedule !!→ At any time all year round!
【How to Apply】 through internet (at the official website)【the Fee】 5,100 JP Yen (tax included)
【Test Schedule】 Application and Exmination available all year round
How to Apply
Examination is available at any time, anywhere, any times
you want.
Boucher Ticket system for group application available!【For more details on the Web site 】 Official Website (in Japanese)(https://www3.jitec.ipa.go.jp/JitesCbt/)
Official
Character of
IT Pass Exam.
iパス SEARCH
☑Approximately 120 test centers all over Japan→ Available wherever you want !
(※Exam schedule differs according to the test center)
☑You can check not only the result but also the score !(Able to check out the score after the exam at once.→ Able to check the score divided by sphere. Always new technologies are
reflected. You can try any times you want to make sure your level-up !
4
The score divided by
sphere
available(strategy,
management,
technology). Useful for
ability measurement.
Reference: The overview of IT Passport Examination (IP)
![Page 6: Human Resources Development in the Field of Cyber Security · 2016. 9. 12. · among them has necessary skills. Hence, it is necessary to organize certain education programs and trainings](https://reader036.vdocuments.us/reader036/viewer/2022071404/60f8394b708afe61d91f9553/html5/thumbnails/6.jpg)
>Background>○Sharp Increase in Importance of Information Security
○The shortage of Information Security Human Resources both in quantity and quality
Necessary to improve IT literacy among the whole nationals including knowledge of Information Security. Necessary to excavate, foster and make use of Information Security Human Resources.
Increased the frequency of Information Security- related questions in all of the types of Information Technology Engineers Exams, including IT Passport Exam.
IT Passport Exam. Sharp Increase in the Percentage of Information
Security –related Questions (by twice)
Fundamental ITEngineer Examination(FE) Applied ITEngineer Exam.(AP)
In the morning exam increased the percentage ofSecurity related questions
In the afternoon exam the status of Information Security sphere has been changed from selective to obligatory.
Advanced Exam.
In the morning exam.Ⅰand Ⅱ increased the percentage of Security related questions
In IT Strategist Exam.(ST) and Project Manager Exam. (PM) added Security-related questions to the scope of morning exam.Ⅱ.
(Security questions appear in all the category of advanced exam)
※ Source: IPA Press Release http://www.ipa.go.jp/about/press/20131029.html (Note) IT Pass exam changed from May 7th 2014.The rest of exams changed from the spring exam in 2014.
5
METI Activity No.1: Strengthening the frequency of Information Security-related
questions in Information Technology Engineers Examination
![Page 7: Human Resources Development in the Field of Cyber Security · 2016. 9. 12. · among them has necessary skills. Hence, it is necessary to organize certain education programs and trainings](https://reader036.vdocuments.us/reader036/viewer/2022071404/60f8394b708afe61d91f9553/html5/thumbnails/7.jpg)
6
The globalization of software technology and market has led to the increase in necessity of securing trans-border high-quality IT human resources and enhancing their liquidity. Therefore, METI is arranging coordination with the related institutions towards mutual recognition of IT Engineers Examination and enlargement of similar examination to ITEE.
To enlarge these arrangements in Asian region etc. for the sake of securing advanced human resources oversees and enhancing their liquidity.
The results achieved:
Mutual Recognition with 12 Asian countries/regions (Bangladesh, China, India, Korea, Malaysia, Mongolia, Myanmar, Philippine,Singapore, Thailand. Taiwan, Vietnam)
Arrangement of Common Examination through assistance in Asia: 7 countries (Bangladesh, Malaysia, Mongolia, Myanmar, Philippine, Thailand, Vietnam)
Information Technology Engineers Examination in Asia
Special MeasuresforImmigration Control on the base of Mutual Recognition To the passers and holders of
the examination and the
qualifications listed in Public
Notice of the Ministry of Justice,
a preferential immigration
treatment is applied. It is about
the criteria pertaining to the
status of residence, which is
required to work in Japan as
Engineer or for Designated
Activities.
Every examination and
qualification listed in the Public
Notice of the Ministry of Justice
can be counted as the points in
“ Points-based preferential
immigration treatment for highly
skilled foreign
professionals“ system.
![Page 8: Human Resources Development in the Field of Cyber Security · 2016. 9. 12. · among them has necessary skills. Hence, it is necessary to organize certain education programs and trainings](https://reader036.vdocuments.us/reader036/viewer/2022071404/60f8394b708afe61d91f9553/html5/thumbnails/8.jpg)
<Background>○The rapid spread of portable devices such as
smart-phones and use of cloud services has lead
to mutual connection of systems and devices
inside and outside enterprises.
○The period of “Internet of Things” is coming up.
→Taking into account the complicatedness and
development in cyber attack techniques, it is
necessary for all the enterprises, including
manufacturing industry and critical infrastructure
industry, to design items/service and business
plan with care for external threats.
<The shortage of information security human resources
>○In Japan there is shortage of around 80 thousand information security
human resources. Among 260 thousand engineers involved in
information security measures 160 thousand perople have limited
capability (Estimation by IPA)
<Challenge>○Proactive measures should be taken not only by IT vendors
but also IT users.
○In light of spread of mobile devices, it is urgent task
especially for companies- IT users to develop human
resources who are capable of educating general users
inside the company and taking security measures in
cooperation with IT engineers.
<Countermeasures forward>○To create “information security management examination”
category which will evaluate the necessary knowledge and
capability of human resources in charge of security in
enterprises, within the framework of Informaton technology
Engineers Examination as a national examination
・・・
i7
○ To create a new category “Information Security Management Examination” with scope of
necessary knowledge for operation of security policy of organization, in order to solve the
problem of shortage of information security human resources in companies- IT users.
(Aiming at its start from 2016 FY.)
METI Actibity No.2: To consider the creation of a new examination
towards solution of Shortage of Human Rsources Issues
![Page 9: Human Resources Development in the Field of Cyber Security · 2016. 9. 12. · among them has necessary skills. Hence, it is necessary to organize certain education programs and trainings](https://reader036.vdocuments.us/reader036/viewer/2022071404/60f8394b708afe61d91f9553/html5/thumbnails/9.jpg)
○ Information security sphere keeps changing rapidly. To handle the everyday-occuring new incidents and advaced incidents, it is not enough only to improve the quality of the general ability of personnel in charge of information security and solve the HR shortage. It is necessary to secure the cutting-edge human resources with advanced speciality who are capable of creating new solutions in accordance with environment change.
○ The human resources with advanced specialty can lead the engineers in charge of telecommunication sector. They can also contribute to improvement of ability of next generation of Information security human resources, and to protection from global attacks and to creation of new industry.
8
[Source: New Information Security Human Resource Development Program (the
decision of Information Security Policy Meeting on May 19, 2014)]
The Challenge for security Human Resources No.2
Need for the human resources with advanced specialty and cutting-edge ability
![Page 10: Human Resources Development in the Field of Cyber Security · 2016. 9. 12. · among them has necessary skills. Hence, it is necessary to organize certain education programs and trainings](https://reader036.vdocuments.us/reader036/viewer/2022071404/60f8394b708afe61d91f9553/html5/thumbnails/10.jpg)
9
○To expand the range of young security human resources scouting and to create global top-level resources are necessary to appropriately deal with cyber attacks with high complexity.
○To hold training camp for youth (under 22 years old) by private companies and IPA and to transfer security technology, including the ethical aspect, and leading-edge know-how by front-line engineers. So far 480 students participated (in 2004FY- 2014FY).
○To arrange security camps in regional areas and to expand the skirt of security human resources through exchange programs.
※Security Camp Organization ConferenceEstablished to organize spread and enlarge “Security-Camp” with distinguished lecturers in Business and Education sectors to scout and foster young security human resources. The conference consists of 30 members-companies- organizations(as of Feb. 2014).
Enlarge skirt and circle of young cutting-edge human resources hunting
Regional Contests
Local Lectures
exchanges caravans
Security Camp National Contest(training camp-style lecture)Lecturers The selected cutting-edge
human resources participate in security camp (general meeting)
2014 Security Camp : Main Results
To promote scouting and fostering young security human resources through Public-
Private Partnership
Security Camp Organization Conference
Exchange with
companis-conference members
Top-level engineers
Total participants:438 students (in 2004-2013 FY)
<National Contest>Period: August 12-16place:pref. Chiba Participants:42
<Regional Contest>Period: May 31st - June 1st.Place: pref. AichiParticipants:101(the first day), 19(the second day)
Period :August 29 - 31Place: pref. FukuokaParticipants:106(the first day), 19 (the second day)
Period :September 13 - 14Place:pref. Fukushima Participants :20
※ To be organized in Hokkaido, Okinawa
METI activity No.3 : Overview of Security Camp
![Page 11: Human Resources Development in the Field of Cyber Security · 2016. 9. 12. · among them has necessary skills. Hence, it is necessary to organize certain education programs and trainings](https://reader036.vdocuments.us/reader036/viewer/2022071404/60f8394b708afe61d91f9553/html5/thumbnails/11.jpg)
10
○In 2012 FY the first contest was organized as METI’s commissioned project to research feasibility and effectiveness of the CTF contest as a platform for practical training.
○From 2013 FY through Private- public Partnership.○In 2013 FY more than 1300 people participated※CTF(Capture The Flag) is a contest in which participants struggle to get the flag- information stored in the system. It is practical training with
assumption of occurrence of information security attack.
PrivateSponsor
Japan Network security Association(NPO)Implementation Committee
CTF Contest Organizer
National Contest
Regional Regional Regional Regional
Targeted Participants
Private Company,organization
Gov organization Students
support
2012 FY(research)
2013 FY~(Private- Public
Partnership)
supportentrust
Operated by NRI Secure Technologies and so on
Targeted Patticipants
Business person no younger than 23
※Other CTF Contest for students were also organzed
Information Security Policy meeting
Gov. bodies/organizations
Regardless of position, age and nationality
To organize Regional Contest from August. In March 2014 National Contest in Tokyo.
METI Activity No.4 :CTF(Capture the Flag) Contest through Private- Public Partnership