The importance of information Security and its challanges
With the increasing degree of digitalization and networking, companies are faced with fundamental challenges. Businesses face new threats to their security on a daily basis. Dynamic changes among workforce, technical environment, and means of collaboration among humans and machines challange current operations. Firms and employees need to learn how to operate under uncrtainty and how to minimise their risk exposure. Building up needed capabilities among the workforce is only a first step, but as experts are scarce on the labour market, especially smaller firms need to find new ways to akquire needed expertise.
SMEs face distinct obstacles when building up capabilities for information security. The scale of the operation poses not only liimtations to the financial ressources available to invest into informaiton security, but also renders the responsibilities of an information security officer itself more generally in nature, as a larger oversight about the business and fewer technical sophistication is required. In the following, we have compiled the main aspects which influence SMEs and the work of an information security officer.
Information Security in SME - challanges for competence development
With the increasing degree of digitalization and networking, companies are faced with fundamental challenges. Businesses face new threats to their security on a daily basis. Dynamic changes among workforce, technical environment, and means of collaboration among humans and machines challange current operations. Firms and employees need to learn how to operate under uncrtainty and how to minimise their risk exposure. Building up needed capabilities among the workforce is only a first step, but as experts are scarce on the labour market, especially smaller firms need to find new ways to akquire needed expertise.
With the increasing degree of digitalization and networking, companies are faced with fundamental challenges. Businesses face new threats to their security on a daily basis. Dynamic changes among workforce, technical environment, and means of collaboration among humans and machines challange current operations. Firms and employees need to learn how to operate under uncrtainty and how to minimise their risk exposure. Building up needed capabilities among the workforce is only a first step, but as experts are scarce on the labour market, especially smaller firms need to find new ways to akquire needed expertise.
With the increasing degree of digitalization and networking, companies are faced with fundamental challenges. Businesses face new threats to their security on a daily basis. Dynamic changes among workforce, technical environment, and means of collaboration among humans and machines challange current operations. Firms and employees need to learn how to operate under uncrtainty and how to minimise their risk exposure. Building up needed capabilities among the workforce is only a first step, but as experts are scarce on the labour market, especially smaller firms need to find new ways to akquire needed expertise.
With the increasing degree of digitalization and networking, companies are faced with fundamental challenges. Businesses face new threats to their security on a daily basis. Dynamic changes among workforce, technical environment, and means of collaboration among humans and machines challange current operations. Firms and employees need to learn how to operate under uncrtainty and how to minimise their risk exposure. Building up needed capabilities among the workforce is only a first step, but as experts are scarce on the labour market, especially smaller firms need to find new ways to akquire needed expertise.
Owners of Small and Medium sized Enterprises are often overwhelmed with the requirments expressed by information security experts and mostly opt into contracting a service provider, which helps the firm to built up internal knowledge ressources in order to increase information security within the firm. Assigning this additional task to an internal employee brings up a central problem for the decision making: How do you determine the most suitable employee?
Owners of Small and Medium sized Enterprises are often overwhelmed and mostly opt into contracting a service provider, which helps the firm to built up internal knowledge ressources in order to increase information security within the firm. Assigning this additional task to an internal employee brings up a central problem for the decision making: How do you determine the most suitable employee?
Validation and Certification of Competences
The IT labour market inherits a significant share of lateral entrants, workers without any sort of formal qualification. At the same time, among geographical borders and industry sectors, requirments for personnel employed in information security are very similar. However, the large amount of non-formal and non-formal learning due to rapid technological developments make it difficult for workers to demonstrate their capabilities on paper. A european system to validate and certify non-formal and informal learnings in the member countries would enable professionals from the sector to transparently and credibly demonstrate their competences to new employers and to consequently be more mobile among countries. In the same instance, employers who are looking for new employees can reliably identify qualified personnel.
However, in order to establish a certification system it is necessary to align what competences need to be validated. As of now, no formal requirments for an information security officer in SMEs exist in the EU. Witht he establishment of a foundational occupational profile, learning units and corresponding competences can be formulated, (self-) assessed and later on externally validated and certified. At the same time, these learning units can be used by SMEs to check their own requirmens, to select interested and suitable personnel among the existing workforce and to strategically invest into their reeducation in order to efficiently address the own need. Through this procedure, not only will be more personnel available on the labour market, but SMEs will be capable to tackle their individual challenges posed by information security.