6° IT Star WS on Digital Security Topic II-Research and Education in Information Security

CEPIS Survey of Professional e-Competence in

The Information Security Job Profile

Roberto Bellini – [email protected] President Milano AICA Chapter EUCIP Country Manager

Bratislava, March, 30° 2012

E-SKILLS:

European e-Competence Framework (e-CF)

A benchmark from the ICT business employers’ perspective, consisting of ICT practitioner and manager competences, aligned to the EQF, structured as needed and applied in the workplace, and intended to assist transparency and mobility in the EU labor market.

E-SKILLS:

European e-Competence Framework (e-CF)

e-CF Developments: e-CF as the de facto system for interoperability of available competence models and standards:

EUCIP (European Certification of Informatics Professionals), SFIA models (Skills Framework for the Information Age), AITTS (Arbeitsprozessorientierte IT-Weiterbildung), Nomenclature 2005 CIGREF (Club Informatique des Grandes Entreprises Françaises) and others.

CEPIS: Competences and Professionalism

• The development of professionalism is based on 2 main basic components:
  • technical and behavioural competencies (syllabus)
  • ethical rules supporting the integrity, responsibility and accountability of professionals and managers

• The following stakeholders act, with different roles, on the theme of competences and professionalism development:
  • Schools, Universities and Professional and Managerial training societies are the reference for the development and the update of the technical, behavioural and relational competencies.
  • The companies of the ICT supply side, in particular the multinationals, play an important role in innovation and technological update.
  • The companies of the ICT demand side (Banks & Insurance, Public Administration, Commerce, Services, etc.) play an important role through their business innovation, enhanced and supported also by digital technology.
  • The associations are a reference for the acknowledgement of the competence profile and of its value, as well as for the governance of the ethical aspects.

In this context the e-CF-based CEPIS Standard will cover in particular the technical competencies specific to each of the job profiles recognized by the market.

What, as AICA, we learned through EUCIP and ECDL on enhancing the value of a Standard

It depends on:
• The tools used to manage the basic syllabus to refer to
• The types and number of organizations and institutions that share the standard in order to give it a widespread application:
  • Schools and Universities
  • ICT and NON ICT companies (supply and demand side)
  • Public and Government organizations
  • Trade unions
  • Enterprise associations (banks, insurances, industries, commerce, services, ..)
  • Public funds for training financing
  • ......

Council of European Professional Informatics Societies

Professional e-Competence in Europe

Methodology and Survey Approach

Three types of results:

• Personal Results: 1918 individual assessment
• Aggregated Results: 7 (100+ responses) and 3 (50+ responses) Country Reports
• 1 European Report, based on the analysis of 1918 respondents by country

Respondents by country: IT 281, FI 251, IE 192, BE 191, MT 184, ES 177, NO 104, LV 92, BA 88, RO 67, CY 60, LT 50, NL 39, SB 34, EL 28, PL 28, CZ 12, BG 11, Other 29. Total: 1918

CEPIS Overview

Personal Report

Competences required by the represented profile

Competence required by the profile but where respondent has deficiency

Competences that exceed those required by the profile

Professional e-Competence in Europe

AGE
• Number of professionals under 30 very low – confirms anticipated shortages

[Chart: age distribution of respondents in four bands (< 30 yr, 31 .. 40 yr, 41 .. 50 yr, > 50 yr); bar values shown: 34.3%, 30.1%, 18.8%, 16.8%]

Gender
• Average of 16% are female. Lowest in Malta at 8%.
• Some profiles have 0 female representation

[Chart by country: Europe 16%, Italy 8%, Finland 24%, Ireland 19%, Belgium 12%, Spain 11%, Latvia 15%, Bosnia-Herz. 19%, Romania 28%]

Professional e-Competence in Europe

Education
• More than half of respondents (51.1%) having either a Master or a PhD qualification
• But not in IT!

[Chart: educational level (None of the above, Secondary School Diploma, University Bachelors Degree, University Masters Degree, Doctorate (Phd.)); bar values shown: 45.4%, 28.2%, 17.9%, 5.7%, 2.8%]

Concurrence between declared and calculated Profiles (% on declared)
• Some notable differences between the stated and calculated profiles

IT Manager (P01): 16%
IT Quality Manager & Auditor (P02): 26%
IT Client Manager (P03): 13%
IT Sales & Mktg Consultant (P04): 12%
IT Applications Consultant (P05): 5%
Business Analyst (P06): 6%
IT Project Manager (P07): 17%
IT Systems Analyst (P08): 17%
Software Developer (P09): 40%
Integr. & Testing Engineer (P10): 17%
IT Systems Architect (P11): 15%
IT Security Manager (P12): 30%
Database Administrator (P13): 37%
Network Manager (P14): 11%
IT Administrator (P15): 33%
IT Systems Engineer (P16): 19%
Service Support Manager (P17): 27%
IT Trainer (P18): 31%
Total: 21%

[Chart legend: Declared profile, Calculated profile; Europe]

Professional e-Competence in Europe

Profile Distribution
• By educational level: 80% with university degree
• By IT education: 64% main focus
• By IT industry: 50%
• By enterprise size: 13% in micro, 54% in the large

Enterprise size (employees): 1 - 10 | 11 - 50 | 51 - 250 | 251 - 1000 | 1000+
Europe: 11.2% | 11.9% | 22% | 21% | 34%
Italy: n.a.
(unlabelled row): 7.9% | 6.6% | 19% | 24% | 43%
Ireland: 14.4% | 11.7% | 13% | 19% | 42%
Belgium: 4.9% | 4.4% | 7% | 12% | 72%
Malta: 2.2% | 7.7% | 45% | 35% | 10%
Spain: 13.3% | 14.5% | 18% | 19% | 35%
Norway: n.a.
Latvia: 27.7% | 13.3% | 19% | 24% | 16%
Bosnia-Herz.: 12.6% | 27.6% | 28% | 14% | 18%
Romania: 6.2% | 35.4% | 34% | 23% | 2%

KI distribution
• plan 1,66 and build 1,67 and run 1,68 out of 3,0: to be improved
• enable 1,38: a lot to do
• manage 1,51: again a lot to do

Analysis of Calculated IT Profile Clusters

Profile Distribution by Enterprise Size

Enterprise size (employees): 1 .. 10 | 11 .. 250 | 251 +
Average: 11% | 34% | 55%
IT Manager (P01): 10% | 30% | 60%
IT Quality Manager & Auditor (P02): 13% | 31% | 56%
IT Client Manager (P03): 35% | 44% | 21%
IT Sales & Mktg Consultant (P04): 14% | 46% | 40%
IT Applications Consultant (P05): 21% | 30% | 48%
Business Analyst (P06): 16% | 16% | 69%
IT Project Manager (P07): 15% | 24% | 60%
IT Systems Analyst (P08): 15% | 30% | 55%
Software Developer (P09): 7% | 34% | 59%
Integr. & Testing Engineer (P10): 9% | 43% | 48%
IT Systems Architect (P11): 10% | 37% | 53%
IT Security Manager (P12): 7% | 24% | 69%
Database Administrator (P13): 4% | 40% | 55%
Network Manager (P14): 10% | 45% | 45%
IT Administrator (P15): 12% | 34% | 54%
IT Systems Engineer (P16): 9% | 39% | 52%
Service Support Manager (P17): 7% | 37% | 56%
IT Trainer (P18): 11% | 34% | 54%

Europe Report

Analysis of Calculated IT Profile Clusters

Profile Distribution by IT-focused Education

IT in education: Main focus | Secondary subject
Average: 63% | 37%
IT Manager (P01): 48% | 52%
IT Quality Manager & Auditor (P02): 59% | 41%
IT Client Manager (P03): 53% | 47%
IT Sales & Mktg Consultant (P04): 62% | 38%
IT Applications Consultant (P05): 59% | 41%
Business Analyst (P06): 53% | 47%
IT Project Manager (P07): 63% | 37%
IT Systems Analyst (P08): 73% | 27%
Software Developer (P09): 68% | 32%
Integr. & Testing Engineer (P10): 77% | 23%
IT Systems Architect (P11): 75% | 25%
IT Security Manager (P12): 65% | 35%
Database Administrator (P13): 65% | 35%
Network Manager (P14): 50% | 50%
IT Administrator (P15): 69% | 31%
IT Systems Engineer (P16): 58% | 42%
Service Support Manager (P17): 60% | 40%
IT Trainer (P18): 57% | 43%

Professional e-Competence in Europe

Proximity Profiles - Detail of IT Project Manager

IT Project Manager
Base: 179 respondents

Knowledge index: A- Plan 2.12 | B- Build 1.81 | C- Run 1.58 | D- Enable 1.72 | E- Manage 2.05

Professional status: Full time employee 83.3% | Part time employee 1.3% | Self-employed 12.7% | Student/Unemployed/Retired 2.7%

Age: Mean: 43.8

Industry sector: Mainly on IT demand side 49.3% | Mainly on IT supply side 50.7%

[Charts: Age (..-30 yr, 31-40 yr, 41-50 yr, 51-.. yr) and Educational level (None of the above, Secondary School Diploma, University Bachelors Degree, University Masters Degree, Doctorate (Phd.)); bar values shown: 41.3%, 60.1%, 27.9%, 22.9%, 20.2%, 10.1%, 8.4%, 1.1%, 7.8%]

Gender: Male 83.8% | Female 16.2%

[Chart: Enterprise size (1 - 10, 11 - 50, 51 - 250, 251 - 1000, 1000+); bar values shown: 39.0%, 19.1%, 17.6%, 14.7%, 9.6%]

IT Education: IT was the main focus of my education 65.2%; remaining two categories 22.5% and 12.4%

When asked to indicate their profile, most respondents chose IT Manager - in 7 countries

Proximity Profiles - detail of IT Security Manager

IT Security Manager
Europe
Base: 60 respondents

Professional status: Full time employee 89.8% | Part time employee 5.1% | Self-employed 5.1% | Student/Unemployed/Retired 0.0%

Age: Mean: 41.7

Industry sector: Mainly on IT demand side 59.3% | Mainly on IT supply side 40.7%

[Charts: Age (..-30 yr, 31-40 yr, 41-50 yr, 51-.. yr) and Educational level (None of the above, Secondary School Diploma, University Bachelors Degree, University Masters Degree, Doctorate (Phd.)); bar values shown: 41.7%, 60.0%, 31.7%, 26.7%, 15.0%, 11.7%, 6.7%, 3.3%, 3.3%]

Gender: Male 90.0% | Female 10.0%

[Chart: Enterprise size (1 - 10, 11 - 50, 51 - 250, 251 - 1000, 1000+); bar values shown: 35.2%, 33.3%, 14.8%, 9.3%, 7.4%]

IT Education: IT was the main focus of my education 65.0% | IT was a side subject 26.7% | IT was not significant in my curriculum 8.3%

IT Competence – Knowledge Index - RUN

RUN area - average 1.68 (scale 0 to 3)

IT Manager (P01): 1.10
IT Quality Manager & Auditor (P02): 1.57
IT Client Manager (P03): 1.64
IT Sales & Mktg Consultant (P04): 1.52
IT Applications Consultant (P05): 1.80
Business Analyst (P06): 1.63
IT Project Manager (P07): 1.47
IT Systems Analyst (P08): 1.73
Software Developer (P09): 1.69
Integr. & Testing Engineer (P10): 1.69
IT Systems Architect (P11): 1.25
IT Security Manager (P12): 1.98
Database Administrator (P13): 1.96
Network Manager (P14): 1.91
IT Administrator (P15): 2.31
IT Systems Engineer (P16): 2.17
Service Support Manager (P17): 1.91
IT Trainer (P18): 1.20

DIGITAL FORENSIC SPECIAL SKILLS (Mastronardi)

This expert requires special skills, in particular to conduct the following investigative jobs:

• crime of forgery (reconstructed on the basis of digital documents)
• violation of the personal data processing rules in a corporate
• legal protection of corporate data base
• contracts for the supply of services
• damages for defects of management software
• contracts for marketing and distributing software
• challenge procedures, dispute resolution and reassignment of the domain name in case of unfair competition among entrepreneurs
  • responsibilities of the Registration Authority, the use of an inhibitory site, the provider's responsibility, liability of the maintainer
• privacy and minimum measures of security for personal data in public and private health activities, free professional company to produce goods and/or services
• offenses of possession and dissemination of pedo-pornography
• offenses relating to the phenomenon of the "phishing"
• terrorism.

CEPIS Survey Recommendations

1. Career paths with defined training and education requirements are needed
• Almost half of respondents did not have IT as the main education focus.
• Large number of respondents failed to match the e-competences needed for their declared job profiles.
• Defined career paths and training for IT roles could help in producing a new generation of IT professionals with the right skills.

2. The e-CF should be applied as a pan-European reference tool to categorise competences and identify competence gaps. It has become clear that the e-CF is a practical reference tool and it should be further disseminated across Europe.
• Whilst applying the e-CF, it became apparent that it is a practical reference tool with value in categorising and defining IT competences.
• It should be continually developed and disseminated across Europe.
• The findings from this research may help the CEN Workshop on ICT Skills to further refine the job profiles.
• The three identified competence clusters can help identify and improve low competence levels in a given area.

Conclusions: the Labor Market to which CEPIS will refer

• New graduates from Schools and Universities, reached through teachers and professors

• Specialists (professionals and managers) as individuals who work for and in the companies of the ICT supply side and in the companies of the ICT demand side (NON ICT Companies and Public Administration organizations) of every sector and dimension

• Those responsible in ICT demand-side organizations: Information Systems Managers, Human Resources and Training Managers, Purchasing Managers

• Those responsible in ICT supply-side companies: Business Managers, Human Resources and Training Managers

Conclusions: the Services foreseen to serve many stakeholder needs

• Professional services on behalf of individual specialists:
  • competence assessment and recognition of the proximity profile
  • competence gap analysis to be covered
  • personalized design of learning paths and monitoring
  • support to identify the strengths and weaknesses of the individual professional career position
  • ……

• Business services on behalf of HR & ICT Departments’ needs:
  • IT-skills inventory for the company
  • recruit the right resources for defined processes and projects
  • design and monitor learning paths focused on the gap of competences of the employed specialist
  • deploy certification’s path
  • ……

The model of Individual professional career development

[Diagram labels: continuous learning; Practitioners (operators, professionals); Teachers of School and University; Work experience; Assessments and measures; High Education; Vendor independent Certification; Entering in the Labor Market; Business Performance Improvement; Students and new graduates; Entrepreneurs; Managers; Technological up-dating; Autonomous Professionals]

Professional e-Competence in Europe

[email protected]

Thank you

Roberto Bellini
