Journal of Convergence for Information Technology (융합정보논문지)

Convergence Society for SMB (중소기업융합학회)
권호 표지
DOI QR코드

DOI QR Code

Security Education Training Program Characteristics needed to Development Task of Security Software in Security Majors of 5 Universities of Seoul Region

서울지역 5개 대학 보안 전공들의 보안소프트웨어의 개발 직무에 필요한 보안 교육 훈련 프로그램 특성

  • Hong, Jin-Keun (Division of Information Communication Technology, Baekseok University)
  • Received : 2019.03.25
  • Accepted : 2020.05.20
  • Published : 2020.05.28
Download PDF
⟨ Previous Next ⟩

Abstract

In this paper, the technology and capabilities required for the job of developing security software recommended by the Cybersecurity Human Resources Development Framework of the National Initiative for Cybersecurity Education (NICE) were studied. In this paper, we describe what security skills are needed for the task of developing security software and what security capabilities should be held. The focus of this paper is to analyze the consistency between security technologies (core and specialized technologies) required for security software development tasks and the curriculum of information protection-related departments located in Seoul, Korea. The reason for this analysis is to see how the curriculum at five universities in Seoul is suitable for performing security software development tasks. In conclusion, if the five relevant departments studied are to intensively train developers of development tasks for security software, they are commonly required to train security testing and software debugging, how secure software is developed, risk management, privacy and information assurance.

본 논문에서는 NICE(National Initiative for Cybersecurity Education)의 사이버보안 인력양성 프레임워크에서 권고하는 보안 소프트웨어 개발 직무에 필요한 기술과 역량을 중심으로 연구하였다. 본 논문에서는 보안 소프트웨어의 개발 직무에 어떤 보안기술이 필요하고 어떤 보안 역량을 보유해야 하는지에 대해 살펴보았다. 본 논문의 초점은 보안 소프트웨어의 개발 직무에 필요한 보안기술(핵심기술과 특화기술)과 국내 서울에 위치한 정보보호 관련 학과의 교육과정 사이의 일치성을 분석하는데 있다. 이 분석을 하는 이유는 서울에 위치한 5개 대학의 정보보호 관련 학과에서 실시하는 교육과정이 보안 소프트웨어 개발 직무를 수행하는데 얼마나 적합한 교육체계를 갖추고 있는지를 살펴보기 위함이다. 결론적으로, 만일 연구된 5개의 관련 학과가 보안 소프트웨어의 개발 직무 개발자를 집중적으로 양성하고자 한다면, 공통적으로 보안 테스팅과 소프트웨어 디버깅, 시큐어 소프트웨어 개발 방법, 위험관리, 개인정보식별과 프라이버시, 정보보증에 대한 교육이 필요하다.

Keywords

References

  1. C. Curricula. (2017). Curriculum guidelines for post-secondary degree programs in cybersecurity. New York : IEEE Computer Society. https://cybered.hosting.acm.org/wp/wp-content/uploads/2018/02/csec2017_web.pdf
  2. W. Park & S. Ahn. (2017). Enhancing Education Curriculum of cybersecurity Based on NICE. KIPS Trans. on Comp. and Comm. Sys., 6(1), 321-328. DOI : 10.3745/KTCCS.2017.6.7.321
  3. S. Hong. (2018). A Study on the Framework of Comparing New Cybersecurity Workforce Development Policy Based on the ATE Programs of U.S. Journal of the Korea Institute of Information Security and Cryptology, 28(1), 249-267. DOI : 10.13089/JKIISC.2018. 28.1.249
  4. Competency Model Clearinghouse. (n.d.). Cybersecurity Competency Model (Online). https://www.careeronestop.org/CompetencyModel/competency-models/pyramid-download.aspx?industry=cybersecurity
  5. https://dodcio.defense.gov/Cyber-Workforce/DCWF.aspx
  6. William Newhouse, Stephanie Keith, Benjamin Scribner, Greg Witte. NICE Cybersecurity Workforce Framework. NIST SP 800-181.
  7. NICE Webinar Series. (n.d.). How You can influence an updates to the NICE framework(Oline). https://www.nist.gov/system/files/documents/201 9/12/04/NICEFramework_Webinar_FINAL.pdf
  8. D. Yuan. (2017). Design and develop hands on cyber-security curriculum and laboratory. Computing Conference 2017 (pp. 1176-1179). IEEE. DOI : 10.1109/SAI.2017.8252239
  9. A. Lodgher, J. Yang & U. Bulut. (2018). An Innovative Modular Approach of Teaching cybersecurityacross Computing Curricula. In 2018 IEEE Frontiers in Education Conference (FIE) (pp. 1-5). IEEE. DOI : 10.1109/FIE.2018.8659040
  10. S. Naqvi, P. Sommer & M. Josephs. (2019). A Research-Led Practice-Driven Digital Forensic Curriculum to Train Next Generation of Cyber Firefighters. In 2019 IEEE Global Engineering Education Conference (EDUCON) (pp. 1204-1211). IEEE. DOI: 10.1109/EDUCON.2019.8725129
  11. S. Azadegan & M. O'Leary. (2016) An undergraduate Cyber Operations curriculum in the making: A 10+ year report. In 2016 IEEE Conference on Intelligence and Security Informatics (ISI) (pp. 251-254). IEEE. DOI : 10.1109/ISI.2016.7745484
  12. K. Kim, J. Smith, T. A. Yang & D. J. Kim, (2018). An Exploratory Analysis on Cybersecurity Ecosystem Utilizing the NICE Framework. In 2018 National Cyber Summit (NCS) (pp. 1-7). IEEE.
  13. N. Miloslavskaya & A. Tolstoy. (2016). State level views on professional competencies in the field of IoT and cloud information security. In 2016 IEEE 4th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW) (pp. 83-90). IEEE.
  14. Conklin Wm Arthur, Cline Raymond E, Roosa Tiffany. (2014). Re engineering cyberseucirty educationin the US : An analysis of the critical factors. System Sciences (HICCS) 47th Hawaii International Conference 2014 (pp. 2006-2014). IEEE
  15. I. Alsmadi & M. Zarour. (2018). Cybersecurity programs in Saudi Arabia: Issues and Recommendations. In 2018 1st International Conference on Computer Applications & Information Security (ICCAIS) (pp. 1-5). IEEE.
  16. B. D. Caulkins, K. Badillo-Urquiola, P. Bockelman & R. Leis. (2016). Cyber workforce development using a behavioral cybersecurity paradigm. In 2016 International Conference on Cyber Conflict (CyCon US) (pp. 1-6). IEEE.