Cyber security research

03/23/2017
Government Security News

UMass Lowell and itSM Solutions LLC announced today that they are launching a new workforce training program focused on cybersecurity.

The training program – which is available via instructors or online video – is based on the cybersecurity framework issued by the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) in response to a 2013 executive order issued by then-President Barack Obama to protect the nation’s most critically important technology infrastructure that, if incapacitated or destroyed, would have a debilitating effect on national security, the U.S. economy, public health and safety.

The NIST Cybersecurity Framework (NCSF) was subsequently issued by the agency and from there, Larry Wilson, who teaches cybersecurity courses at UMass Lowell and serves as the chief information security officer for the UMass system, set out to create a program that addresses all aspects of the framework, including security standards and core functions that align to the three stages of a cyber-attack (before, during and after) and map directly between cyber-threats and security controls.

The result of the work by Wilson is the UMass Lowell NCSF Controls Factory Methodology. It has earned Wilson a series of industry honors including being named to Security Magazine’s “2016 Most Influential People in Security” and SANS’ “People Who Made a Difference in Cybersecurity” for 2013, along with the International Security Executive (ISE) North America Project Award Winner in the academic and public sector category in 2013.

“I developed the NCSF Controls Factory Model as a communications aid to explain the key components of the UMass Cybersecurity Program to coworkers, managers, contractors and partners so that our key stakeholders would understand why, what and how we are building that program so that they are in a better position to help us achieve our mission,” said Wilson. “It makes sense to share that approach with other individuals and organizations through workforce training and development because of the growing need for a skilled cyber-workforce.”

Wilson’s work is also the basis of the new training program that itSM Solutions is partnering with the university to offer to professionals in government, private industry and at other academic institutions. Through the training program, NISTCSF.com, participants – who do not have to be IT professionals – learn to identify potential threats and how to mobilize the UMass Lowell NCSF Controls Factory Methodology across their operations to eliminate or address any of those threats. The controls factory system is so flexible that it allows individual organizations to set their own cybersecurity risk profile and to adapt it as needed as the threat landscape and vulnerabilities change.

“This is a valuable and timely contribution to workforce training and demonstrates that UMass is a leader in providing solutions to the most pressing issues facing our Commonwealth and our nation,” said UMass President Marty Meehan.

itSM Solutions is offering the training program under a license agreement negotiated by the UMass Lowell Office of Technology Commercialization, which facilitates the transfer of technology and other commercially viable intellectual property developed at the university to the marketplace for public use and benefit.

“As a public institution, UMass Lowell’s goals include making the intellectual property and best practices developed here available to others who would benefit from it, whether in the public sector, private industry or academia,” said UMass Lowell Chancellor Jacquie Moloney. “The UMass Lowell NCSF training program will help organizations across the globe create and credential the cybersecurity workforce that is needed to address the demands of this growing field.”

“itSM Solutions is proud to partner with UML on this very exciting opportunity,” stated Rick Lemieux, managing partner at itSM Solutions. “We look forward to working with UMass Lowell to create additional NCSF training programs that will enable individuals and enterprises to stay ahead of the cybersecurity learning curve created by the ever-changing digital landscape and the Internet of Things.”

Three training options are available through itSM:

  • The NCSF Foundation Certification Course, which is available via instructor-led sessions and online video, outlines current cybersecurity challenges and explains how organizations that implement an NCSF program can mitigate these risks. This program is focused on candidates who need a basic understanding of the NCSF to perform their daily jobs as executives, accountants, lawyers or information technology professionals.
  • The NCSF Practitioner Certification Course, also available via instructor-led sessions and online video, details the current cybersecurity challenges plus teaches in depth the UMass Lowell NCSF Control Factory Methodology on how to design, build, test and manage an NCSF cybersecurity program. This program is focused on candidates who need a detailed understanding of the NCSF to perform their daily roles as cybersecurity engineers, testers or operations professionals.
  • The NCSF Certification Training Library, available via online video, prepares candidates to sit for the IT and information security (INFOSEC) certification exams aligned with the work and specialty roles associated with the NCSF.

Those who successfully complete the certification and meet university requirements may transfer credits and enroll in one of UMass Lowell’s master’s degree programs in information technology, such as network security or cybersecurity.