In this interview with Help Net Security, Renata Mekovec, Associate Professor and Head of the postgraduate specialist study Information Systems Security Management and Auditing at the Faculty of Organization and Informatics (University of Zagreb), talks about what the specialized study offers to information security professionals and the Faculty’s collaboration with (ISC)² to deliver CISSP preparation and training.
What makes the “Information Systems Security Management and Auditing” postgraduate specialist study unique?
Information security experts are one of the most sought-after and highest paid professionals in the IT field. Moreover, these experts are currently on the list of the seven most wanted category of employees in the world. To address the threats and vulnerabilities of information systems, these professionals must understand the complete business of the organization, have extensive knowledge of information technology, as well as specific expertise in information security.
After completing our postgraduate specialist study “Information Systems Security Management and Auditing”, we want our students to be prepared to fulfill the most responsible tasks in the field of information systems security.
Therefore, the study is structured in such a way that each course mixes theory and practice. The study is taught by teachers and professionals from the Faculty of Organization and Informatics and our overseas partner (higher education institutions), and each course also includes IT industry specialists.
Since this is a specialized professional study, it is critical that we transfer professional knowledge and experience to our students, as well as solve specific problems from practice. The study designed in this manner allows our students to transfer and exchange knowledge and experience with lecturers, experts, and other participants. We included the most relevant topics in the field of information security in the study program’s content, and because our goal was to be fully market-oriented and practical, we integrated the education required to take the world’s leading professional certificate in this area into the study program.
This study is running on a new concept from what was available before. Can you give us a sense of your top short- and long-term goals for the curriculum?
Our goal for this study program is that it’s recognized by companies, state entities, and individuals as a curriculum that covers all aspects of the information security management system’s implementation and ongoing monitoring.
As many practitioners as possible are involved in the teaching to ensure that the issues of security and privacy are approached from several perspectives. We offer a study program in which students not only acquire new knowledge and skills, but can also exchange experiences with experts recognized in Croatia and the world. The true value of a study program is that it provides students with communicators with whom they can discuss specific problems and find solutions.
On the other side, we need to think globally and broaden our horizons, so the long-term objective is to conduct this study in English.
Things change quickly in the cybersecurity field. What strategies do you plan to use to provide a supporting environment for real-world professional growth?
Employers are expected to understand the need of investing in security personnel to develop and secure their entire organization. State institutions should be the primary driver and creator of the environment for achieving security, whether by legal acts, support from agencies, or actively supporting a code of conduct. Everyone is expected to accept social and moral responsibility for their actions, as well as to raise awareness about the importance of security and privacy.
The Faculty of Organization and Informatics (FOI) plays an important role in raising personal, entrepreneurial, and social awareness of the security problems by providing a high-quality study program that focuses on specific areas of information security. As a result, by continuously monitoring the situation in its surroundings, it will actively participate in supporting all measures, methods, and projects for the establishment of cooperation in this area. On the other hand, it brings to the job market quality information security experts and thus reduces the deficit of this profession.
Do you have a close relationship with companies that can enable students to test their knowledge with real hands-on work? How do those partnerships function?
FOI constantly monitors the IT industry’s requirements for the necessary knowledge and skills and works closely with IT industry representatives and partners in the development and revision of study programs.
Because of the strong propensity to follow new trends in an ever-changing field, we have gathered and will continue to gather leading experts in security who will be involved in teaching. FOI enjoys a positive working relationship with the industry, we have over 500 active cooperation agreements with employers from a wide range of industries, with a particular emphasis on IT.
Employers know what they want, which is why they are involved in the development of new study programs. The higher the quality of study programs we establish (and implement), the better and more prepared workers we acquire to work in IT. We collaborate with employers to establish the important roles, knowledge, and skills they desire in their employees, which we incorporate into our educational programs.
The Faculty of Organization and Informatics has signed an agreement with (ISC)². What does that entail?
The most important and biggest change in the study program that we have made is that the study is designed to provide the necessary preparation for taking the world’s leading professional certificate in this field: CISSP (Certified Information Systems Security Professional).
Thus, in addition to the subjects provided for in the curriculum, students are also provided with additional education that prepares them for taking the CISSP certificate. Preparation, as well as education materials, are included in the price of the study. The training is conducted by an instructor approved by (ISC)² and following their material.
Looking into the future, how important do you see information security education being to a country’s competitiveness?
The answer is simple: The more high-skilled people there are who understand the problem and are willing to propose a constructive solution, the more competitive you are as a community and as a state. As a result, I believe that any education, not just the one in security, that “develops” skilled people will help drive the country to a higher level of competitiveness.