When I first started in Information Security, securing the environment was thought to be the Chief Information Security Officer’s responsibility. This, of course, was in the brick and mortar times, with limited functions being done through the internet. There were firewalls at the perimeter to keep the bad guys out. All of this has changed over the last few decades (I know I’m dating myself here!). With the proliferation of mobile technology, online services, and pretty much every business operating in multiple locations across the globe, there is no longer a true perimeter. This has given us an opportunity to rethink Information Security and how its principles should be taught within the educational programs of tomorrow.
To respond to the dynamics of an ever-changing environment, every person in the organization must understand their role in building and maintaining a secure environment. This means that at the core of information security, security awareness must be a living, breathing program in which the business and IT stakeholders can feed information back into the process in a meaningful way, thus creating a feedback loop. The feedback coming in should describe specific information on how controls can be implemented or enhanced in a more efficient way for the business unit’s specific area. Stakeholders need to address the level of risk present while maintaining or increasing the level of security in place.
This core process creates an opportunity for all business and information technology units to contribute to the overall security program, a process in which communication becomes paramount. This means that communication training for the technicians of the future is a critical curriculum component. Educational programs should focus on ensuring students have solid communication skills in order to facilitate vital communication between information security, the business, and IT. Folded into learning how to communicate is the understanding that we all learn and communicate differently. This is why educational programs should also make various modes of learning available.
Ultimately, if we understand that Information Security is everyone’s responsibility, then we must arm those responsible with the knowledge and skills to support this mission. Empowering everyone with solid communication skills and the opportunity to learn this skill in new ways is vital to the program’s success. This is one of the most important skills the next generation of technicians must have.