A widening skills gap in IT security wouldn’t just be disappointing — it could be downright dangerous.
Ryerson University, one of the largest providers of continuing education programs in Canada, has just launched a certificate program in computer security and digital forensics, focusing on the twin problems of securing networks and nabbing the people responsible for attacking them afterwards. The courses required to get the certificate can be taken either on campus or via distance education.
The university says the program is unique in Canada due to its specificity; it combines courses in security architecture and design, cryptography, digital forensics and legal topics into a single package. Program director Alex Ferworn says it’s a field that is attracting far more interest today than it did years ago.
He recalls writing an article on computer security during the heyday of the mainframe and before the Internet became widely used. Outside of the academic community, hardly anyone bothered to read it, he says. Back then, he says, “there was no real mechanism to actually break into any system except through a telephone line.”
But now, Ferworn says, things have changed dramatically. “Everything’s under attack virtually all the time.”
The program is intended both for people starting out in the security field, law enforcement agents and employees responsible for the general administration of IT networks. The latter, says Feworn, are expected to keep these systems secure but aren’t necessarily specialists. “Even cops seem to be sort of thrust into this business without having a lot of formal background in it,” Fernworn says.
Since the legislation on cyber crimes is relatively new and evolving, a continuing education program is a good format for IT professionals who need to stay current on the laws, he says. Since any errors on their part could mean exposing users’ personal information, they themselves could face legal accusations of negligence, he says.
If the technical component of the program deals with defence, the legal one is about the counter-offensive. “Everybody tries to catch the hacker, but actually putting the hacker in jail is more difficult,” says Ferworn.
While the course is designed to be practical, the basic theoretical principles behind cryptography, for example, are taught as well to give students more insight into tasks they may already be performing. In his experiences with police, says Fernworn, “they knew what they were doing, in the sense that they knew how to use the tools, but they didn’t know the background of what things were, and we found there’s a lot of curiousity about it,” he says.
Next-generation IPS and firewall
Next-generation enterprise firewalls (NGFW) include intrusion prevention system (IPS) technology that enables them to spot and block cyber attacks. But they do not replace IPS solutions—you need both. This HP business white paper shows how NGFW and next-generation IPS (NGIPS) are complementary security solutions that work together to secure your network.