On professional standards for personnel training on safety of critical information infrastructure objects

• Main Authors: Viktor S. Gorbatov, Anatoly P. Durakovskiy, Maxim I. Lobanov
• Format: Article
• Language: English
• Published: Moscow Engineering Physics Institute 2019-12-01
• Series: Bezopasnostʹ Informacionnyh Tehnologij
• Subjects: security, competencies, critical information infrastructure, training, training program.
• Online Access: https://bit.mephi.ru/index.php/bit/article/view/1231

The development of a new approach to state regulation in the field of information security, called “ensuring the security of critical information infrastructure (CII)” is a certain challenge for the sphere of educational services, associated with the need for advanced modernization of educational programs for the training of specialists of the relevant security forces with regulatory competencies. The aim of presented study is to develop proposals to overcome certain difficulties in the creation or modernization of educational programs for the training of employees of the security forces of significant CII facilities associated with non-compliance, at least formal, existing professional standards with the regulatory requirements of the state regulator. Leading educational institutions in the field of information security have already begun to implement the task, but given the scale and diversity in the areas of application of CII objects, it seems appropriate to extend such activities to some extent to all structures of the sphere of educational services in the field of information security. The optimal solution to this problem would be to use domestic professional standards in the field of information security as the initial regulatory framework. However, the existing open standards poorly comply with the regulatory functional requirements of the state regulator-FSTEC of Russia. As a way out of this situation, it is proposed to use foreign experience, in particular the U.S. National educational initiative in the field of cybersecurity, which has developed a kind of analogue to domestic professional standards called "the structure of labor resources in the field of cybersecurity". According to its structure and content, this document has an undoubted advantage compared to domestic professional standards and can be used for the purpose of terminological standardization of qualification requirements, at least for employees of the security forces of significant objects of CII.