ISACA Launches Real-time, Real-world Cyber Security Training Platform and Assessment Tool
April 2017 by Marc Jacob
ISACA is changing how cyber security training is delivered with the latest additions to its Cybersecurity Nexus (CSX) portfolio of resources—the CSX Training Platform and Assessment Tool.
The CSX Training Platform offers learners an easily accessible, constantly updated education environment that gives administrators clear insights into employee performance so organizations can ensure that they hire and retain the best talent on the front lines of cyber security defenses. The on-demand, performance-based training and assessment tool, conducted in live environments using real-world threat scenarios, is the first of its kind.
Historically, organizations have had to rely on training mechanisms that are costly, inaccessible and quickly out-of-date due to the ever-changing threat environment. According to a recent ISACA survey, 52 percent of respondents said they believe traditional cyber security training options leave staff only moderately to not-at-all prepared. With the growing skills gap, cyber security team leaders are looking to formally diagnose specific areas where they need to bolster skills, according to 62 percent of respondents.
Real-time Skills Assessment
The CSX Training Platform addresses those pain points with the first-of-its kind cloud-hosted assessment feature, which lets HR professionals evaluate the hands-on skills of cyber security job candidates and enables cyber security team leaders to assess the skills of their current staff.
The CSX Assessment Tool gives hiring managers a critical resource when it comes to evaluating candidates and ultimately filling positions. Human resource departments and supervisors can use the tool to determine if applicants, or current employees, have the necessary hands-on skills for positions or promotions. Candidates respond to real-world threats in a live lab environment, and HR professionals will receive an immediate assessment of their skills, giving them a clear picture of what the candidate can and can’t do.
“With its hands-on approach to cyber defense, the CSX Training Platform is an important learning solution for enterprises that want their front-line IT teams to be cyber-hardened, cyber-prepared and cyber-tested,” said Christos Dimitriadis, ISACA board chair and group director of information security at INTRALOT, “The ability to test and build skills will help enterprises address the significant skills gap problem they’re facing.”
Performance-Based Training in a Live Network Environment
The CSX Training Platform currently includes up to 100 hours of performance-based learning, divided among beginner, intermediate and advanced levels. It also features virtual versions of ISACA’s three CSX Practitioner courses, the CSX Practitioner Bootcamp, and the Cybersecurity Fundamentals course. The CSX Labs and courses will be updated continuously, and new ones will be added in response to evolving needs of cyber security teams and the threat landscape.
“We consistently hear from CISOs around the world that cost and accessibility are significant barriers to getting their employees the hands-on training they need to be effective and advance their capabilities,” said Matt Loeb, ISACA CEO. “As part of our mission to narrow the skills gap and help enterprises develop their cyber workforce, ISACA developed the CSX Training Platform as an affordable solution that gives cyber security professionals complex scenarios to handle and live incidents to detect and mitigate.”
The CSX Training Platform isn’t built as a one-size-fits-all for learners. With modules for all levels of practitioners, learners can be sure they are receiving flexible training that is appropriate for their skill level and helps them advance their capabilities in the areas that are most relevant to their work. Enterprises of all sizes can choose to have full access or modify the options to fit their needs. Additionally, with its cloud-based model, training can be accessed by employees on demand and without the expense of travel. Organizations are no longer forced to pull their IT staff away from their job to participate in off-site training.
“Each organization faces a unique set of threats, and the CSX Training Platform is designed to address those threats and test related skills. Our experts will constantly add to the platform, so we are able to build a training curriculum that supports the immediate and future needs of cyber security teams,” said Frank Schettini, Chief Innovation Officer for ISACA. “A cybercriminal builds an attack based on his or her domain of expertise. So why wouldn’t organizations enable security professionals to build defenses the same way?”
Though cyber security threats are growing in number and complexity, the professionals on the front lines of defense are not keeping pace, according to ISACA’s State of Cyber Security 2017 report. Hiring managers are having a hard time finding the right talent, citing issues such as:
• Nearly 1 in 3 organizations say it takes six months or more to fill open cyber security positions
• 37 percent of organizations say fewer than 1 in 4 candidates are qualified
• 1 in 5 organizations gets fewer than five applicants for open cyber security positions
Additionally, cyber security leaders have a critical need to build the skills of their existing staff. The same survey found that fewer than half are confident in their team’s skills to detect and respond to complex cyber incidents.
The CSX Training Platform is currently available for enterprise use. An individual version will be available later in 2017. For more information, visit www.isaca.org/CSXCyberTraini....