Security skills need to become embedded in the school education system.

The consensus of the Information Security Forum (ISF) and (ISC)2 at the RSA Europe Conference was that security should impact primary, secondary and further education, as well as be an integral part of business training.

John Colley, CISSP, (ISC)2's managing director EMEA, claimed that security should become part of the core curriculum across the entire education system, from primary schools to a broad set of university courses.

Colley said: “We need to get past the ‘awareness program' phase. Children from first stages should not only be learning to use the computers and online resources but how to use them safely and securely and why this is important. We learnt about safety in the science lab. The dynamic here is the same.”

Professor Howard A. Schmidt, CISSP, president of the ISF, said: “Data is the gold, silver and diamonds of the modern world and should be given the same level of protection. Many businesses, governments and individuals are still unclear of the true value of data and where it resides and who has ownership is even less clear.

“We need to be better at controlling and managing data and understand the expectations of the data owners and providers. For example, if we give personal data to identify and validate ourselves – this data is only required for a short period of time and could then be destroyed.”

Colley further claimed that the majority of current computing-related courses do not adequately address security issues, However strategic decisions taken by IT, from the procurement and/or development of software to the adoption of cloud services, is having a huge impact on vulnerability levels when the security requirements are not built in at the outset.

“Security should also be a core element of business education. Tomorrow's business leaders need to be able to instinctively strategise for secure business development. Employee induction should include security with the systems training; and security responsibilities should be part of the employment contract,” said Colley.