DOI: 10.1145/1796900.1796953
research-article

Skill gaps and careers in IS compliance: implications for IS degree programs in the U.S.

Published: 20 May 2010

ABSTRACT

In this paper, we describe the research questions and methodology for a study that will investigate the opportunities and skill gaps for IS workers in the field of IS compliance. IS compliance skills include knowledge of U.S. legislation, such as the Sarbanes-Oxley Act (SOX) and the Gramm-Leach-Bliley Act (GLBA), and of standards such as the Payment Card Industry Data Security Standard (PCI DSS), as well as the impact of such requirements on the design, development and maintenance of information systems. In this study, we will investigate the current job skills being requested by employers and the current Information Systems degree and course offerings from U.S. business schools related to IS compliance. Using a field survey of U.S. employers and business schools, we plan to investigate future skill needs in IS compliance and the ability of current IS curricula to fill those needs.

Published in

SIGMIS-CPR '10: Proceedings of the 2010 Special Interest Group on Management Information System's 48th annual conference on Computer personnel research on Computer personnel research
May 2010
190 pages
ISBN: 9781450300049
DOI: 10.1145/1796900

Copyright © 2010 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States


Acceptance Rates

Overall Acceptance Rate: 300 of 480 submissions, 63%
