ABSTRACT
In this paper, we describe the research questions and methodology for a study that will investigate the opportunities and skill gaps for IS workers in the field of IS compliance. IS compliance skills include knowledge of U.S. legislation, such as Sarbanes-Oxley (SOX) and the Gramm-Leach-Bliley Act (GLBA), and of standards such as the Payment Card Industry Data Security Standard (PCI DSS), as well as the impact of such requirements on the design, development and maintenance of information systems. In this study, we will investigate the current job skills being requested by employers and the current Information Systems degree and course offerings from U.S. business schools related to IS compliance. Using a field survey of U.S. employers and business schools, we plan to investigate future skill needs in IS compliance and the ability of current IS curricula to fill those needs.
Index Terms
- Skill gaps and careers in IS compliance: implications for IS degree programs in the U.S.