Cyber Security Education and Training

1. Cyber Security Competency Training Development Blueprint

   To strengthen the cyber security workforce and cultivate agencies’ cyber security capacity, the Administration implemented the cyber security competency training development blueprint, regularly training agencies’ cyber security and information personnel. By helping government agencies’ cyber security personnel build necessary professional skills, the Administration meets cyber security education and training requirements designated in the "Regulations on Classification of Cyber Security Responsibility Levels." The Administration’s works include:

   1. （1）Developing cyber security competency training course materials for institutions
   2. （2）Holding cyber security defense seminars across the country, promoting cyber security policy and threat awareness
   3. （3）Creating a cyber security exam question database, including exam questions created and reviewed by cyber security exports to enhance evaluation effectiveness
   4. （4）Organizing cyber security competitions, discovering potential cyber security talents, reinforcing cyber security offense and defense skills
   5. （5）Building a cyber security talent database, managing government agency cyber security workforce allocation.

   Please visit the Cyber Security Talent Training website (https://ctts.nics.nat.gov.tw/) and the  Cyber Security Competence Training Course page (https://ctts.nics.nat.gov.tw/DownloadDetail/68) .

2. Cyber Security Personnel Competence

   The required skills of cyber security personnel are divided into the three facets of strategy, management, and technicality according to their job functions, while required competence is categorized into the two levels of common and professional competence. Common competence refers to having basic awareness of cyber security and relevant regulations. Professional competence includes skills corresponding to the strategy, management, and technicality facets; strategic skills include cyber security strategy planning, work inspection, resource coordination, and performance evaluation; management skills include cyber security mechanism planning, management and operation, risk evaluation, and work auditing; technical skills include network management, incident response, cyber security testing, software/system management, and intelligence analysis.

3. Cyber Security Governance System

   To implement the cyber security governance system, enhance cyber security defense equipment, and build objective indicators to better evaluations, the government conducts the following works:

   1. （1）Setting objective government agency cyber security governance maturity indicator evaluation items and organizing information sessions for agencies
   2. （2）Completing training courses in accordance with the Cyber Security Service Team and providing in-person guidance and consultation to help agencies reach cyber security goals
   3. （3）Updating evaluation items and system functions as well as understanding cyber security defense progress according to training course feedback and evaluation suggestions
4. Cyber Security In-person Guidance

   The Cyber Security Service Team provides in-person guidance at agencies. The guidance they provide encompasses the strategic, management, and technical facets of cyber security defense. After counselors discuss their practical experience with agencies receiving guidance, they provide specific suggestions to enhance agencies’ cyber security capacity. The results of the guidance are organized and analyzed to generate improvement measures, relevant suggestions,  and reports. The review focuses on the strategic, management, and technical facets; details are as follows:

   1. （1）Strategy: review the implementation of agencies’ cyber security policies, including cyber security promotion organization, leader support, resource investment in cyber security, cyber security governance maturity evaluation, and cyber security compliance item operation, planning, and implementation; operational technology(OT)-related items are also included for critical infrastructure providers
   2. （2）Management: assist agencies with implementing cyber security management, including cyber security management outsourcing,  cyber security incident reporting and response, information property management and risk evaluation, and digital data protection and management.
   3. （3）Technicality: provide agencies with cyber security technical guidance, including web security management, secure information and communication system development, email safety management,  cyber security weakness and government configuration baseline (GCB) security management.