Cyber Security Education and Training
Cyber Security Education and Training
- Cyber Security Competency Training Development Blueprint
To strengthen the cyber security workforce and cultivate agencies’ cyber security capacity, the Administration implemented the cyber security competency training development blueprint, regularly training agencies’ cyber security and information personnel. By helping government agencies’ cyber security personnel build necessary professional skills, the Administration meets cyber security education and training requirements designated in the "Regulations on Classification of Cyber Security Responsibility Levels." The Administration’s works include:
- (1)Developing cyber security competency training course materials for institutions
- (2)Holding cyber security defense seminars across the country, promoting cyber security policy and threat awareness
- (3)Creating a cyber security exam question database, including exam questions created and reviewed by cyber security exports to enhance evaluation effectiveness
- (4)Organizing cyber security competitions, discovering potential cyber security talents, reinforcing cyber security offense and defense skills
- (5)Building a cyber security talent database, managing government agency cyber security workforce allocation.
Please visit the Cyber Security Talent Training website (https://ctts.nics.nat.gov.tw/) and the Cyber Security Competence Training Course page (https://ctts.nics.nat.gov.tw/DownloadDetail/68) .
- Cyber Security Personnel Competence
The required skills of cyber security personnel are divided into the three facets of strategy, management, and technicality according to their job functions, while required competence is categorized into the two levels of common and professional competence. Common competence refers to having basic awareness of cyber security and relevant regulations. Professional competence includes skills corresponding to the strategy, management, and technicality facets; strategic skills include cyber security strategy planning, work inspection, resource coordination, and performance evaluation; management skills include cyber security mechanism planning, management and operation, risk evaluation, and work auditing; technical skills include network management, incident response, cyber security testing, software/system management, and intelligence analysis.
- Cyber Security Governance System
To implement the cyber security governance system, enhance cyber security defense equipment, and build objective indicators to better evaluations, the government conducts the following works:
- (1)Setting objective government agency cyber security governance maturity indicator evaluation items and organizing information sessions for agencies
- (2)Completing training courses in accordance with the Cyber Security Service Team and providing in-person guidance and consultation to help agencies reach cyber security goals
- (3)Updating evaluation items and system functions as well as understanding cyber security defense progress according to training course feedback and evaluation suggestions
- Cyber Security In-person Guidance
The Cyber Security Service Team provides in-person guidance at agencies. The guidance they provide encompasses the strategic, management, and technical facets of cyber security defense. After counselors discuss their practical experience with agencies receiving guidance, they provide specific suggestions to enhance agencies’ cyber security capacity. The results of the guidance are organized and analyzed to generate improvement measures, relevant suggestions, and reports. The review focuses on the strategic, management, and technical facets; details are as follows:
- (1)Strategy: review the implementation of agencies’ cyber security policies, including cyber security promotion organization, leader support, resource investment in cyber security, cyber security governance maturity evaluation, and cyber security compliance item operation, planning, and implementation; operational technology(OT)-related items are also included for critical infrastructure providers.
- (2)Management: assist agencies with implementing cyber security management, including cyber security management outsourcing, information property management and risk evaluation, and digital data protection and management.
- (3)Technicality: provide agencies with cyber security technical guidance, including web security management, secure information and communication system development, cyber security incident reporting and response, email safety management, cyber security weakness and government configuration baseline (GCB) security management.
- Cyber security category in civil service examinations
To tackle the increasing threat of cyber security hacking, government agencies are in urgent need of cyber security professionals to implement various protection tasks. To relieve the growing demand of cyber security workforce, the Administration collaborated with the Examination Yuan and the Directorate-General of Personnel Administration, Executive Yuan in promoting the addition of cyber security category in civil service examinations, and the recruitment began in 2014.
The examination content is based on the core competency and professional abilities required by cyber security personnel. The four professional subjects are "Introduction to Cybersecurity", "Cybersecurity Management", "Cybersecurity Protection Technology" and "Cybersecurity Laws and Regulations". By expanding sources of talent acquisition, it will provide a stable workforce to cope with rapidly changing technical and business challenges and thus strengthen the overall cyber security protection capabilities in government agencies.