Why Cybersecurity Training for Higher Education IT Workers Is Critical

The options for cybersecurity training have increased dramatically in the last five to ten years as the cybersecurity profession has matured. Meanwhile, high-profile hacking incidents at prominent companies such as Target and Sony Pictures serve as a constant reminder that higher education institutions are also primary targets of cyberattacks due to student and financial data, intellectual property, and valuable research. So what can colleges and universities do to solve the problem? The obvious answer is to establish an information security program, implement school-wide security protocols, create information security policies and procedures, and perform ongoing network testing. But to truly protect your campus, you need to invest in your IT staff.

Implement a Cybersecurity Training and Certification Program

Implementing a school-wide cybersecurity training program is the key to dramatically improving the security of your institution. Full-time employees who work in information technology will appreciate taking third-party training courses and certifications, as these will strengthen their cybersecurity skills and make them more aware of current cyberthreats and vulnerabilities.

Higher education cybersecurity training programs — at the highest level — generally include two components:

  • In-house training on institutional policies, compliance, passwords, computer security, and data protection (to name just a few areas)
  • External training and certifications in network security, cyberinvestigations, and penetration testing to develop more nuanced skill sets

This post will not cover in-house security training or provide a comprehensive list of certifications, but instead will look at some options offered by third-party organizations for cybersecurity training and certifications.

Network Security Certifications

The EC-Council Network Security Administrator (ENSA) certification [http://www.eccouncil.org/Certification/ec-council-network-security-administrator] assesses the ability to review internal and external threats against a network. This five-day course is perfect for campus system and network administrators (view the course outline [http://www.eccouncil.org/Certification/professional-series/ensa-course-outline]), who will learn how to create security policies and design firewall strategies and, more importantly, understand how to identify threats and risks for network security.

The GIAC has a number of security certifications that are ideal for college and university IT professionals. The GIAC Security Essentials program is a five-hour test (max) designed for professionals who are actively involved in IT security tasks. The course is only available to take at a GIAC test center and covers the following concepts, among others: contingency planning, critical security controls, honeypots, information warfare, and web application security.

Cybersecurity Investigation Certification

The McAfee Institute has created the Certified Cyber Intelligence Investigator (CCII) certification for IT professionals who have demonstrated expertise in cybersecurity and managing complex security issues. A high school diploma, associate's degree, or bachelor's degree is required to take the online exam. This certification helps staff become proficient in cyber investigation, intelligence gathering, social media investigations, ethical and privacy considerations, and much more.

Attack and Penetration Testing Certification

If you want your IT staff to get more hands-on experience with hacking, a great place to start is the Certified Expert Penetration Tester (CEPT) [http://www.iacertification.org/cept_certified_expert_penetration_tester.html] certification, offered by the IACRB (Information Assurance Certification Review Board). The certification includes two parts: a multiple-choice component where a minimum score of 70% is required and a take-home exam. For the take-home exam, two months are allotted to complete different challenges: reverse engineer a Windows binary file, discover an exploit for Linux, and come up with a Microsoft Windows exploit.

Investment Is Key

Investing in your institution's IT staff will educate them about the risks and threats to your networks, data, and end users. With cyberattacks continuing to expand, the need for qualified and knowledgeable security employees is increasing. Create a campus-wide cybersecurity certification program for your IT workers to provide the professional development and training that they need to continue building their skills. You won't regret it!


Chad Fisher is the founder of Cybersecurity U, a site dedicated to educating students and professionals about all things network and cybersecurity related. In 2015, Chad began compiling a list of cybersecurity degrees and certifications to help organize the ever-expanding list of cybersecurity certifications, and the project continues to grow as more information is added in 2016 and beyond.

© 2016 Chad Fisher. This EDUCAUSE Review blog is licensed under the Creative Commons BY-NC-SA 4.0 International license.