|
|
This year will be devoted to the development of regulation in the field of personal data protection (PD), said the head of the Ministry of Digital Development of the Russian Federation Maksut Shadayev. In addition to other measures, the department is considering creating a domestic certification system for information security (IS) specialists. The need for it has become urgent, because in the coming years the IS market in Russia will switch to products of domestic manufacturers, and international certification programs are becoming increasingly inaccessible in the current conditions, experts note.
WE NEED IT
The head of the Russian Ministry of Digitalcontent writing service Development, Maksut Shadayev, announced plans to create a domestic certification system for information security specialists during a webinar at the end of December 2022. According to him, the innovations will encourage companies to invest more in protecting their IT infrastructures.
It is necessary to form an entire industry, launch accreditation centers, cybersecurity should formulate requirements. This topic is related to the planned introduction of turnover fines for data leaks," the minister said.
Head of the Information Security Committee of the ARPP "Domestic Software", Director of Strategy and Development of Axiom JDK Technologies of the BELLSOFT company Roman Karpov called the idea of the Ministry of Digital Development "a new vector of development". In a conversation with RSpectr, he emphasized that
In the current environment, creating our own standards for training and certification of cybersecurity experts is absolutely necessary.
Similar foreign programs are quite common in the Russian Federation, for example, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM).
the number of specialists certified according to foreign standards is only 1-2 thousand people
According to Sberbank Deputy Chairman Stanislav Kuznetsov, about 5,000 cybersecurity specialists worked in Russia in 2022. However, he is sure that dozens of times more are needed.
Industry committees of IT associations are usually involved in such issues for expert assessment at the final stages, when the implementation is at a formed stage and can be assessed, Alexey Parfentyev, head of the RUSSOFT information security committee and head of the SearchInform analytics department, told RSpectr. Certification is a mass process, so responsibility for creating methods and knowledge base cannot be shifted to a separate committee or council, he noted. According to the expert,
some kind of analogue of the Unified State Exam is needed for the initial and intermediate levels of certificates, and for the higher ones it is necessary to attract vendors
Alexey Parfentiev, SearchInform:
– You can’t do without developers in this matter, they have the greatest expertise in certain areas. Moreover, many vendors already have established training courses to improve the qualifications of information security specialists.
Forming even the concept of a certification system for information security employees is a large task for one department, noted Alexander Moiseyev, leading information security consultant at AKTIV.CONSULTING (Aktiv company), in an interview with RSpectr. Therefore, it is necessary to involve other departments, higher education institutions, and representatives of the information security market, he believes.
|
|
發表於 2024-11-10 12:11:09