TMCnet News
(ISC)-2 - New Cyber Security Competition to Test Software Developer's Security Credentials(ENP Newswire Via Acquire Media NewsEdge) ENP Newswire - 20 July 2012 Release date- 19072012 - A new Cyber Security Challenge UK competition launches today to find the software and application developers with the security knowhow to keep business and our critical national infrastructure safe from the threat of online attacks. QinetiQ and (ISC)-2 are working together to test and instil security skills in the development of software which is not only used in everyday business systems but also in systems that manage critical physical operations such as those used by water and power companies. The Cyber Security Challenge UK and its supporters from industry, government and academia run a series of competitions each year. They identify new talent that can meet the urgent need to attract more skilled professionals into the cyber security sector. Its competitions look for the skills and aptitude that employers most require. Last year, 73 percent of information security professionals surveyed as part of (ISC)-2 's Global Information Security Workforce Study ranked software vulnerabilities as the number one online threat. Software applications are increasingly being developed for very open, highly distributed environments, often through the co-ordination of many providers and outsourced services. As a result there is often insufficient understanding of the vulnerabilities that can be introduced. Traditionally, developers operate under tight time constraints to be the first to market with new functionality and security has not been a priority. The impact of poor security is such that there is now an urgent need for this attitude to change. High-profile attacks like Stuxnet have highlighted how damaging the exploitation of any weaknesses within software can be and how the skills to develop applications securely have never been more important. This new online competition is open to any software developers, including current professionals, students or those who are simply interested in the area. It will challenge competitor's knowledge of security requirements, as well as their instincts for anticipating and eliminating vulnerabilities as they develop their own software. The best candidates will then be invited to QinetiQ at the start of next year for a hands-on experience of writing secure code to move physical devices and protect a top secret facility from real life cyber-attacks. Anyone interested in registering for a Challenge competition should visit the Challenge registration page - https://cybersecuritychallenge.org.uk/registration - where you will find all the details you need to take part. Other competitions coming up include a packet capture analysis competition run by the SANS Institute during which competitors are asked to identify and interpret various types of network and web application attacks, and a Sophos Linux Competition. Quotes: 'Through this Challenge, we are working to raise awareness amongst software and systems developers at every level of the role they play in secure software development. Security instincts will be just as important as technical skills, as candidates prove they can effectively research and anticipate requirements for security at the same rapid rate at which software is developing,' says John Colley, CISSP, Managing Director, (ISC)-2 EMEA. 'For too long, software that underpins business and much of our most vital critical national infrastructure has been written without appreciation for the need for security. Those with the right instincts have a significant opportunity to demonstrate new skills that are incredibly relevant today. We hope this competition will attract, identify and nurture new talented individuals to work in this field.' 'Cyber criminals are increasingly developing the capabilities to manipulate the software used to control key security systems,' says Neil Cassidy, Practice Lead, Cyber Defence, Security Division, QinetiQ. 'Attacks like Stuxnet highlight the fundamental impact which these attacks can have on national infrastructure, from power stations to military installations. At QinetiQ's face-to-face stage of this competition, competitors will be responsible for securing the systems protecting a simulated top-secret facility. They must identify vulnerabilities in command software systems and work to anticipate security breaches to avoid attack. Through this Challenge we aim to provide the software developers of the future with experience of what it takes to secure software systems and the impact any failures can have.' Notes to editors 1. Command Control The competition opens for registration today, 18th July, and starts on 6 October. It is open to individuals over the age of 16 with an interest in the topic area. Competitors won't need to be an expert in a particular programming language, but will need to understand the fundamentals of programming in c, c++, objective c and java. It is designed for individuals interested in or working or developing a career in software development, that seek to add to their competency base with security skills. It is not open to people actively working in security today, or with recognised credentials in secure software development such as the CSSLP. Winners will be invited to attend the QinetiQ face to face challenge which will be held on Saturday 9th of February 2013. Winners from this event will then be invited to attend the Masterclass Final and awards weekend to be held on the weekend of the 9th and 10th of March 2013. 2. (ISC)-2 (ISC)-2 is the largest not-for-profit membership body of certified information security professionals worldwide, with nearly 86,000 members in more than 135 countries, with more than 13,000 in EMEA. Globally recognised as the Gold Standard, (ISC)-2 issues the Certified Information Systems Security Professional (CISSPO) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLPO), and Systems Security Certified Practitioner (SSCPO) credentials. . (ISC)-2 also offers education programmes and services based on its CBK, a compendium of information security topics (ISC)2 , regularly conducts research into workforce trends and delivers a range of initiatives to make the online world a safer place. More information is available at www.isc2.org. 3. QinetiQ A FTSE250 company, QinetiQ uses its domain knowledge to provide technical support and know-how to customers in the global aerospace, defence and security markets. QinetiQ's unique position enables it to be a trusted partner to government organisations, predominantly in the UK and the US, including defence departments, intelligence services and security agencies. For more information visit www.QinetiQ.com/cyber Follow @QinetiQ on Twitter Cyber Security Challenge UK runs a series of national inspirational competitions aimed at attracting talented people into the profession and informing them about cyber security careers and learning opportunities. Now in its third year it is running an ambitious programme of competitions and activities designed to spread the word about why cyber security is such a fulfilling and varied career and help talented people get their first cyber security.jobs., it is sponsored by some of the UK's most prestigious public, private and academic organisations and is making a notable difference to the career prospects of those with the talents and aptitude to become cyber security professionals. The following organisations are helping in various ways to deliver the Cyber Security Challenge UK and make it a success: Cabinet Office, Office for Information Assurance and Cyber Security HP PwC BT Cassidian GCHQ QinetiQ SANS Institute Sophos 2E2 7Safe CompTIA Dtex Systems Goscomb HMGCC Infosec Skills IRM (ISC)2 Metropolitan Police Central e-crime Unit (PCeU) Raytheon UK KPMG Royal Holloway, University of London Lancaster University DC3 Royal Mail Group Ultimate Communications DISA Field FisherWaterhouse LLP Ultra Electronics Information Assurance Advisory Council (IAAC) Invigia Level 3 Lockheed Martin MEMSET Northrop Grumman The Open University RSA Symantec Trusted Management Ltd Unisys Vodafone AFCEA BCS Council of Registered Ethical Security Testers (CREST) e-Skills UK Get Safe Online Institute of Information Security Professionals (ISSP) The Information Security Awareness Forum (ISAF) Information System Security Association (ISSA) US Cyber Challenge For more information please contact our media team: [email protected] 0845 680 1869 [Editorial queries for this story should be sent to [email protected]] ((Comments on this story may be sent to [email protected])) (c) 2012 Electronic News Publishing - |