Viet Nam national cybersecurity education capacity assessment - ITUPublications
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
ITUPublications International Telecommunication Union
Development Sector
Viet Nam national
cybersecurity education
capacity assessment
Viet Nam national cybersecurity education capacity assessment
Acknowledgements
The Viet Nam cybersecurity education capacity assessment was prepared by Matthew Griffin,
consultant to the International Telecommunication Union (ITU), under the supervision of the ITU
Regional Office for Asia and the Pacific, the ITU Area Office for Southeast Asia and Timor-Leste,
and the ITU Telecommunication Development Bureau (BDT).
ITU would like to thank Le Duy Tien, Nguyen Thi Khanh Thuan and Nguyen Van Thuat, Authority
of Information Security (AIS), Ministry of Information and Communications (MIC), for supporting
the assessment process.
DISCLAIMER
The designations employed and the presentation of the material in this publication do not imply the
expression of any opinion whatsoever on the part of ITU concerning the legal status of any country,
territory, city or area or of its authorities, or concerning the delimitation of its frontiers or boundaries.
The mention of specific companies or of certain manufacturers’ products does not imply that they are
endorsed or recommended by ITU in preference to others of a similar nature that are not mentioned.
Errors and omissions excepted, the names of proprietary products are distinguished by initial capital
letters.
All reasonable precautions have been taken by ITU to verify the information contained in this publica-
tion. However, the published material is being distributed without warranty of any kind, either expressed
or implied. The responsibility for the interpretation and use of the material lies with the reader.
The opinions, findings and conclusions expressed in this publication do not necessarily reflect the
views of ITU or its membership.
ISBN
978-92-61-33071-2 (Paper version)
978-92-61-33081-1 (Electronic version)
978-92-61-33091-0 (EPUB version)
978-92-61-33101-6 (Mobi version)
Please consider the environment before printing this report.
© ITU 2021
Some rights reserved. This work is licensed to the public through a Creative Commons Attribution-Non-
Commercial-Share Alike 3.0 IGO license (CC BY-NC-SA 3.0 IGO).
Under the terms of this licence, you may copy, redistribute and adapt the work for non-commercial purposes,
provided the work is appropriately cited. In any use of this work, there should be no suggestion that ITU
endorse any specific organization, products or services. The unauthorized use of the ITU names or logos is
not permitted. If you adapt the work, then you must license your work under the same or equivalent Creative
Commons licence. If you create a translation of this work, you should add the following disclaimer along
with the suggested citation: “This translation was not created by the International Telecommunication Union
(ITU). ITU is not responsible for the content or accuracy of this translation. The original English edition shall
be the binding and authentic edition”. For more information, please visit https://creativecommons.org/
licenses/by-nc-sa/3.0/igo/Executive summary
This report assesses cybersecurity education capacity in the Socialist Republic of Viet Nam. The
International Telecommunication Union (ITU) experts carried out this work at the invitation of
the Authority of Information Security (AIS), Ministry of Information and Communications (MIC).
The objective of the assessment is to provide information that will help the Government of Viet
Nam in future cybersecurity education and capacity development initiatives.
Evidence gathered from national cybersecurity education and research capacity, professional
training and certification, public and executive awareness, administration and governance
included cybersecurity education capacity indicators, government policy information and
reports, and the ITU 2020 Global Cybersecurity Index survey responses for Viet Nam.
Assessment of cybersecurity education capacity in Viet Nam
This report provides information on cybersecurity education in Viet Nam, which includes
undergraduate, postgraduate, and doctoral level courses, and presents similar education
programmes in Australia, Singapore, and the United Kingdom. In addition, this report provides
recommendations for future cybersecurity education capacity initiatives as well as lists of useful
sources of benchmark initiatives and resources.
Primary and secondary school education
The need to incorporate cybersecurity skills as part of the education transformation experience
has been recognized through Prime Minister Decision No. 893/QD-TTg in 2015 approving
projects on communication, discipline, awareness and responsibility for information security
to 2020, and which includes primary and secondary school level activities. Examples of current
initiatives include:
– Youthspark Digital Inclusion (YDI): a digital skills and online safety programme.
– Youth Internet Governance Forum: an opportunity for young people to participate in policy
debates.
– ICT Talks: a series of knowledge-sharing presentations targeted at young people.
However, the development of primary and secondary school cybersecurity education capacity
will rely on improving:
– access to quality education resources in remote areas, as well as low participation and
completion rates for women, and ethnic minorities;
– the absence of primary and secondary school level cybersecurity teaching;
– the absence of experienced and qualified ICT and cybersecurity teachers.
Higher education and research
In 2014, Prime Minister Decision No. 99/QD-TTg set out a national programme to train and
develop human resources for information safety and security that identified eight training
institutions to work with the Ministry of Education and Training (MOET) to build training
iiiframeworks, develop and share curricula, and collaborate on joint research programmes in
the advancement of information security education.
Examples of current initiatives include:
– identification of institutions to develop cybersecurity education and training;
– introduction of cybersecurity programmes at undergraduate, postgraduate, and doctoral
levels;
– establishment of cybersecurity research centres.
The future development of cybersecurity higher education and research in Viet Nam will depend
on:
– increasing specialist cybersecurity undergraduate and postgraduate education and
training;
– wider access to cybersecurity education that is currently limited to university courses;
– greater engagement of industry and government cybersecurity professionals in higher
education;
– development of an official national cybersecurity accreditation / certification programme.
Professional training and certification
The need for a national programme for cybersecurity training was addressed in Decision No.
99/QD-TTg, which focuses on specific training targets and initiatives to create domestic training
courses and establish opportunities for a range of internationally recognized certification
courses overseas. These courses initially focused on training managers and leaders, with priority
given to national and local government employees, as well as specific government security and
defense agencies.
Examples of initiatives include:
– sector specific cybersecurity courses including for Critical Information Infrastructure,
Financial, and Judicial and Legal sectors;
– locally based private sector training providers;
– professional certification including Certified Information Systems Auditor (CISA), Offensive
Security Web Expert (OSWE), Offensive Certified Professional (OSCP).
The future development of professional training and certification in cybersecurity will depend
on:
– the extent to which non-technical training in cybersecurity is made available, in addition
to the range of technical areas covered in professional training courses;
– the extent to which professional training in cybersecurity is available across Viet Nam;
– the extent to which professional training in cybersecurity is measured in terms of its
effectiveness in delivering professional training outcomes.
Public and executive awareness
Following Decision No. 893/QD-TTg, the AIS has been implementing a national programme
to raise cybersecurity awareness in Viet Nam since 2015. The programme is aimed at different
audience segments and includes cooperation with government and non-government
organizations including the Viet Nam e-ICT Authority, news agencies, broadcasters, and
cybersecurity training institutions.
ivExamples of initiatives include:
– Digital Citizenship Vietnam: aims to promote online safety and digital skills.
– ‘I’m 00100’: a special TV show that provides messages about data privacy in the digital
economy;
– ‘Think before you share’: an online safety campaign.
The future development of public and government employee awareness of cybersecurity will
depend on:
– public cybersecurity awareness programmes, including initiatives that target specifical
segments of the population;
– high level training to ensure government and non-government organization leaders are
aware of cybersecurity risks;
– cybersecurity awareness programmes to measure the impact of raising cybersecurity
awareness and safety literacy and behaviour.
Administration and governance
In 2010, Prime Minister Decision No. 63/QD-TTg approved a national plan on the development of
digital information security that included the need to develop human resources in cybersecurity
as well as the need for investment in cybersecurity research, including upgrading of equipment
and laboratories, and international research collaboration with reputable research institutions
around the world.
In 2014, Prime Minister Decision No. 99/QD-TTg detailed and approved a nationwide
programme to train and develop human resources in information safety and security. It set out
government incentives and activities to build and retain a cybersecurity workforce, and it detailed
specific indicators to measure the success of the national programme, which included targets
for cybersecurity education and training institutions, and enrolment levels in cybersecurity
education programmes, such as degrees, shorter-term professional training courses, as well
as targets for cybersecurity educator training.
Examples of initiatives include:
– a national cybersecurity council including representatives from government ministries and
private sector representatives with the role of providing advice on policy design;
– public-private partnerships in cybersecurity, including annual events such as the
Cybersecurity Summit and the Viet Nam Information Security Day;
– tax incentives to encourage private sector organizations to invest in cybersecurity capacity
development.
The future development of cybersecurity education administration and governance will depend
on:
– cybersecurity education and training availability, as the increasing demand for cybersecurity
across government and non-government organizations places greater pressure on
capacity.
– the means to enter cybersecurity roles other than through higher education pathways;
– a multi-stakeholder perspective in cybersecurity education policymaking to ensure
capacity;
– the need to identify and develop metrics to be able to measure the return on investment
on the range of cybersecurity education capacity initiatives.
vRecommendations and next steps
The recommendations in this report have been prepared to assist with the development and
implementation of future cybersecurity education capacity initiatives in Viet Nam and include
information on benchmark initiatives and resources. This report also suggests that further
research involving the public, private, academic, and civil society sectors may help to identify
priority areas that are likely to have the greatest impact in achieving policy goals, as well as
optimizing resource allocation and return on investment. In order to share lessons and leverage
future cybersecurity education initiatives and resources, the Government of Viet Nam would
benefit from ITU support and from participation in international forums such as the Global
Forum on Cyber Expertise (GFCE) Working Group D on Cyber Security Culture and Skills, in
addition to showcasing successful initiatives on the Cyber Capacity Knowledge Portal (Cybil).
viTable of contents
Executive summary������������������������������������������������������������������������������������������������������������������������iii
List of tables����������������������������������������������������������������������������������������������������������������������������������viii
1 Introduction���������������������������������������������������������������������������������������������������������������������������� 1
1.1 Background����������������������������������������������������������������������������������������������������������������� 1
1.2 Methodology��������������������������������������������������������������������������������������������������������������� 2
2 Undergraduate, postgraduate, and doctoral courses ����������������������������������������������������� 3
2.1 Undergraduate programmes������������������������������������������������������������������������������������ 4
2.2 Postgraduate programmes���������������������������������������������������������������������������������������� 7
2.3 Doctoral programmes���������������������������������������������������������������������������������������������� 10
2.4 Summary and benchmarking���������������������������������������������������������������������������������� 11
3 Education and training capacity assessment ������������������������������������������������������������������ 12
3.1 Primary and secondary school cybersecurity capacity����������������������������������������� 12
3.2 Higher education and research capacity��������������������������������������������������������������� 13
3.3 Professional training and certification capacity����������������������������������������������������� 16
3.4 Public and executive awareness ���������������������������������������������������������������������������� 18
3.5 Administration and governance����������������������������������������������������������������������������� 20
4 Recommendations��������������������������������������������������������������������������������������������������������������� 23
4.1 Primary and secondary schools������������������������������������������������������������������������������� 23
4.2 Higher education and research������������������������������������������������������������������������������� 24
4.3 Professional training and certification�������������������������������������������������������������������� 25
4.4 Public and executive awareness����������������������������������������������������������������������������� 26
4.5 Administration and governance����������������������������������������������������������������������������� 27
5 Next steps����������������������������������������������������������������������������������������������������������������������������� 29
Annex A: National cybersecurity education capacity indicators������������������������������������������� 31
List of acronyms���������������������������������������������������������������������������������������������������������������������������� 33
viiList of tables
Tables
Table 1: Catalogue of undergraduate cybersecurity programmes������������������������������������� 4
Table 2: Catalogue of postgraduate cybersecurity programmes���������������������������������������� 7
Table 3: Catalogue of doctoral cybersecurity programmes����������������������������������������������� 10
Table 4: Capacity Indicators of National Cybersecurity Education������������������������������������ 32
viiiViet Nam national cybersecurity education capacity assessment
1 Introduction
This introduction provides the context for the cybersecurity education capacity assessment in
Viet Nam and outlines the methodology used. At the invitation of the Authority of Information
Security (AIS), Ministry of Information and Communications (MIC), and in collaboration with an
independent cybersecurity education and capacity development consultant, the International
Telecommunication Union (ITU) conducted an assessment of the cybersecurity education
capacity of Viet Nam. The objective of the assessment was to support the Government of
Viet Nam to gain an understanding of its cybersecurity education capacity in order to inform
future cybersecurity capacity development initiatives. During November and December 2020,
ITU completed secondary research with the support of representatives from the Authority of
Information Security and the Ministry of Information and Communications.
Chapter 2 lists the cybersecurity education available in Viet Nam as well as higher education
courses provided in other countries. Chapter 3 assesses cybersecurity education capacity in
Viet Nam across primary and secondary schools, higher education and research, professional
training and certification, public and executive awareness, administration and governance.
Chapter 4 sets out recommendations for future national cybersecurity education capacity
planning and next steps.
This assessment of national cybersecurity education capacity in Viet Nam is not intended to
provide a quantitative score or establish a maturity level or ranking. Instead, the process is
designed to identify the current range of cybersecurity education initiatives in Viet Nam and
determine any gaps in capacity based on global cybersecurity education capacity benchmarks.
1.1 Background
Digital transformation is at the heart of the opportunities and challenges of the 21st century.
Digitalization has become the essential pillar of modern business, critical services, infrastructure,
and the global economy, with cybersecurity becoming one of the fastest growing industries in
the world. This reliance on technology has also introduced significant vulnerabilities in modern
societies leading to gradual demand for increased cybersecurity protection.
The confidentiality, integrity, and availability of ICT infrastructure is faced with rapidly evolving
cyber-threats, including electronic fraud, theft of personal identifiable information, disruption of
service, and destruction of property, which need to be matched with a growth of cybersecurity
skills globally. The capacity to prevent cyber-attacks against people and infrastructure depends
on the availability, skills, and readiness of a cybersecurity trained workforce, in addition to a
responsive educational system that can build such capabilities.
With increased reliance on digital technologies, cybersecurity has emerged as one of the key
risks facing governments around the world with the potential to impact national security and
economic prosperity.1 In 2014, as part of an ongoing response to this cybersecurity risk, the
Government of Viet Nam approved Prime Minister Decision No.: 99/QD-TTg, which sets out a
programme for training and human resource development in information safety and security
up to 2020. This programme outlined broad objectives to strengthen national cybersecurity
1
World Economic Forum, 2020, “Future Series: Cybersecurity, emerging technology and systemic risk,”
http://www3.weforum.org/docs/WEF_Future_Series_Cybersecurity_emerging_technology_and_systemic
_risk_2020.pdf (accessed 10 November 2020) p.4
1Viet Nam national cybersecurity education capacity assessment
capacity through the development and implementation of a range of education and training
initiatives.
This report provides an assessment of the current state of cybersecurity education capacity in
Viet Nam at the end of this programme period in order to assist the Government of Viet Nam
with their planning for future initiatives.
1.2 Methodology
National cybersecurity education capacity metrics
In order to establish the criteria to assess the national cybersecurity education capacity of Viet
Nam, four global cybersecurity assessment frameworks were reviewed:
i) National Cyber Security Index (NCSI)2 developed by the e-Governance Academy
Foundation.
ii) Cybersecurity Capacity Maturity Model for Nations (CMM)3 developed by the Global Cyber
Security Capacity Centre (GCSCC) at the University of Oxford.
iii) Global Cybersecurity Index (GCI)4 developed by the International Telecommunication
Union (ITU).
iv) Cyber Readiness Index (CRI)5 developed by the Potomac Institute for Policy Studies.
Five overarching components of national cybersecurity education capacity were identified:
1 primary and secondary school;
2 higher education and research;
3 professional training and certification;
4 public and executive awareness;
5 administration and governance.
Specific indicators for each component of national cybersecurity education capacity are detailed
in Appendix A. These indicators were chosen on the basis of the following criteria:
– relevance to the five components of national cybersecurity education capacity;
– relevance to the objectives of the Viet Nam cybersecurity education assessment project;
– data availability and quality;
– possibility for cross validation between primary and secondary data.
Data collection
Secondary data collection was completed in order to gather evidence of national cybersecurity
education capacity and conditions in Viet Nam. This included:
– research of publicly available information related to cybersecurity education capacity
indicators;
2
E-Governance Academy Foundation, 2020, https://ncsi.ega.ee/(accessed November 12, 2020)
3
Global Cyber Security Capacity Centre, 2016, https://gcscc.ox.ac.uk/files/cmmrevisededition090220171pdf
(accessed November 12, 2020).
4
ITU, 2018, https://www.itu.int/dms_pub/itu-d/opb/str/D- STR-GCI.01-2018-PDF-E.pdf (accessed November
12, 2020).
5
Potomac Institute, 2015, https://www.potomacinstitute.org/images/CRIndex2.0.pdf (accessed November
12, 2020).
2Viet Nam national cybersecurity education capacity assessment
– resources including government policy information and reports;
– the ITU 2020 Global Cybersecurity Index survey.
Data analysis
Data analysis tools were developed for each of the five components of national cybersecurity
education capacity and their corresponding indicators. Deductive content analysis was then
completed in order to identify evidence and themes, which were subsequently mapped to
capacity indicators. The analysis process was conducted by an independent consultant with
experience conducting national cybersecurity capacity maturity reviews, with oversight from
ITU cybersecurity specialists.
Limitations
Although this report constitutes a full analysis and assessment of cybersecurity education
capacity in Viet Nam, the COVID-19 pandemic restricted travel to Viet Nam, did not allow for
in-person data collection, and impacted the primary research, which relied heavily on English
language sources.
2 Undergraduate, postgraduate, and doctoral courses
This section presents undergraduate, postgraduate, and doctoral courses in cybersecurity in
Viet Nam. References to similar higher education programmes in Australia, Singapore, and
the United Kingdom were drawn from the National Cyber Security Index6 as international
benchmarks.
6
E-Governance Academy Foundation, 2020, “NCSI”
3Viet Nam national cybersecurity education capacity assessment
2.1 Undergraduate programmes
Table 1: Catalogue of undergraduate cybersecurity programmes
Programme title Provider Description Country
Bachelor of Science/ Hanoi – Information technology offered as Viet Nam
Engineering University of one of 28 disciplines within the pro-
(Note 1) Science and gramme.
Technology – Information security offered as a
major within the information tech-
nology discipline.
Bachelor in IEI, Viet Nam – The programme is a Partnership Viet Nam
Information National Degree Programme with IEI, Viet
Technology University, Nam National University (Ho Chi
(Cyber Security Ho Chi Minh Minh). IEI is responsible for admis-
Administration) + University sions and the first two years of
(Note 2) of Turku studies in Viet Nam. Last year of
in Turku, studies is carried out in Turku,
Finland Finland. The degree is awarded by
the University of Turku.
– The programme provides students
with fundamental knowledge and
hands-on experience in information
technology and management.
– Includes graduation thesis.
Bachelor of Le Quy Don – Built on the foundation of the under- Viet Nam
Engineering in IT Technical graduate-level training curriculum in
(Note 3) University IT from ACM-IEEE Computer Society
organizations.
– Specializations offered in:
knowledge discovery and data min-
ing
software engineering
human computer interaction
networking
scientific computing
– includes thesis and industrial prac-
tice.
4Viet Nam national cybersecurity education capacity assessment
Table 1: Catalogue of undergraduate cybersecurity programmes (continued)
Programme title Provider Description Country
Bachelor in Cyber University of – All cybersecurity lectures, practical Viet Nam
Security Science and work, and tutorials are taught in
(Note 4) Technology English.
of Hanoi – Courses includes shared founda-
tion subjects with ICT specialty in
mathematics and computer science
and then moves into more detailed
cybersecurity areas with two catego-
ries: (i) information assurance and (ii)
network security.
– Includes an internship.
Bachelor of Viet Nam – Graduates master basic and spe- Viet Nam
Engineering National cialized knowledge of information
(Information Security) University security for information systems and
(Note 5) HCMS C – network infrastructure, meeting the
University of requirements of research and appli-
Information cation, capable of apply security
Technology. knowledge in designing, installing,
evaluating and operating informa-
tion systems.
– The programme includes opportu-
nity for internship and graduation
thesis.
Bachelor of Cyber Deakin – Students gain strong practical and Australia
Security University theoretical knowledge with an
(Note 6) emphasis on assessing cybersecu-
rity in a working environment, and
the business, ethical and legal impli-
cations of risk management.
– Students have the opportunity to
complete industry certifications.
– Minor sequences are offered in
either network security or security
management.
5Viet Nam national cybersecurity education capacity assessment
Table 1 – Catalogue of undergraduate cybersecurity programmes (continued)
Programme title Provider Description Country
Bachelor of National – The programme is offered in Singapore
Technology University of partnership with the School of
(Cybersecurity) Singapore Computing.
(Note 7) – Cybersecurity requires study of
information systems and orga-
nizations, information security
management, computer systems
security, and a capstone computing
project.
– Key learning outcomes include:
strong knowledge of computer sci-
ence foundations and fundamentals;
understanding of professional, ethi-
cal, legal, security, and social issues;
ability to analyse local and global
impacts of computing on individu-
als, organizations, and society.
BSc (Hons) Cyber University of – Partnership with Amazon Academy United
Security West London exposes students to security tech- Kingdom
(Note 8) nologies and solutions.
– The programme focuses on building
technical skills and business acu-
men.
– Begins with foundational princi-
ples in areas such as computing,
programming, mathematics and
computer architecture. Builds up to
key topics in security and advanced
cybersecurity topics.
Note 1: Hanoi University of Science and Technology, 2020, “4 years Bachelor’s,” https://en.hust.edu.vn/display
-academics/-/asset_publisher/sum9Zls6uqmE/content/bachelor-s (accessed 16 November 2020).
Note 2: IEI, 2020, “Bachelor of Information Technology – Finland,” https://www.iei.edu.vn/chuong-trinh-cu-nhan-cong
-nghe-thong-tin (accessed 16 November 2020).
Note 3: Le Quy Don Technical University, 2020, “Academic Program Undergraduate Studies,” http://fit.lqdtu.edu.vn/
educationlevel.aspx?code=dh (accessed 16 November 2020).
Note 4: University of Science and technology of Hanoi, 2020, “Bachelor in Cyber Security,” https://usth.edu.vn/en/
programusth/bachelor/bachelor-in-cyber-security-143.html (accessed 16 November 2020).
Note 5: University of Information Technology, 2020, “Training programs” https://daa.uit.edu.vn/content/chuong-trinh
-dao-tao-tu-khoa-7-tro-di (accessed 16 November 2020).
Note 6: Deakin University, 2020, “Bachelor of Cyber Security” https://www.deakin.edu.au/course/bachelor-cyber
-security (accessed 16 November 2020).
Note 7: National University of Singapore, 2020, “Bachelor of Technology (Cybersecurity),” http://www.nus.edu.sg/
nusbulletin/school-of-continuing-and-lifelong-education/undergraduate-education/btech-computing/bachelor-of
-technology-cybersecurity/(accessed 16 November 2020).
Note 8: University of West London, 2020, “Cyber Security BSc (Hons),” https://www.uwl.ac.uk/course/undergraduate/
cyber-security?redirect=1&source=course/cyber-security-4/34948&start=266&option=33 (accessed 16 November
2020).
6Viet Nam national cybersecurity education capacity assessment
2.2 Postgraduate programmes
Table 2: Catalogue of postgraduate cybersecurity programmes
Programme title Provider Description Country
Master of Hanoi – The programme aims at building research Viet Nam
Science/Master of University of capacity for staff working in universities
Engineering Science and and research institutes.
(Note 1) Technology – Master of Engineering programme aim-
ing at building specialized knowledge of
learners to meet the requirements of orga-
nizations and businesses.
– 43 options for majors including computer
and information science, information
systems, computing engineering’ and
communication and computer networks.
Master in Ho Chi – The programme designed to provide Viet Nam
Computer Minh City background knowledge in computer
Science (Cyber University of science and provide in-depth skills in a
Security) Technology specific area of cybersecurity.
(Note 2) – Vietnam – Curriculum is designed with an aim to be
National compatible to the European Qualifications
University Framework (EQF) and adaptable to
the specific needs of the companies in
Cybersecurity.
– Programme prepares students to be able
to work in a multidisciplinary and multi-
cultural environment with the ability to
think as well as the skills in communication,
teamwork, and professional ethics.
Master of Le Quy Don – Training is organized according to variety Viet Nam
Computer Technical of types and in-depth direction to raise the
Science/ University quality of education and meet the needs
Information of society.
Systems – To set the basis for further research, post-
(Note 3) graduate students are allowed choose the
type of postgraduate research with the
goal of helping students to learn scientific
research methods and to have published
works.
7Viet Nam national cybersecurity education capacity assessment
Table 2: Catalogue of postgraduate cybersecurity programmes (continued)
Programme title Provider Description Country
Master of Science Viet Nam – Specialization offered in information secu- Viet Nam
in Information National rity.
Technology University – Training in IT to supplement, update and
(Note 4) HCMC – improve IT knowledge; strengthen inter-
University of disciplinary knowledge between the IT
Information industry and other sectors; have in-depth
Technology knowledge in specific fields in the IT indus-
try and the skills to apply knowledge to
research and apply to professional prac-
tice; have ability to work independently;
develop creative thinking and the ability to
detect and solve problems in the IT indus-
try.
– Thesis included.
Master of Cyber Edith Cowan – This coursework degree is designed Australia
Security University to meet the demand for cybersecurity
(Note 5) professionals within government, law
enforcement and industry.
– Students complete either a work experi-
ence project or an applied project as part
of the programme.
– The programme accredited by the
Australian Computer Society.
Master of National – The programme encompasses latest Singapore
Computing University of research findings, both applied and funda-
– Infocomm Singapore mental.
Security – The programme also provides advanced
Specialization and in-depth knowledge of IT to prepare
(Note 6) the students for challenges in IT career.
– Students complete either a Infocomm
Security Dissertation or a Infocomm
Security Project.
8Viet Nam national cybersecurity education capacity assessment
Table 2 – Catalogue of postgraduate cybersecurity programmes (continued)
Programme Provider Description Country
title
Cyber Security University of – The programme covers the theory and United
Master (MSc) Birmingham practice of designing and building secure Kingdom
(Note 7) systems and gives students a firm ground-
ing in cryptography, network security and
secure programming, as well as optional
modules in topics such as hardware and
embedded system security, operating
systems and incident management and
forensics.
– The programme provides practical expe-
rience with technologies and toolkits for
building Internet-based software.
– All students undertake a large, personally
supervised project in the final months of the
course.
– The programme has received full certifica-
tion by GCHQ and the University has been
officially recognized by NCSC-EPSRC as an
‘Academic Centre of Excellence in Cyber
Security Research’ (ACE-CSR) by the United
Kingdom government.
– Curriculum has been developed with the
involvement of key individuals in the cyber-
security industry.
– Companies including Microsoft, Vodafone,
Siemens, IBM and Hewlett Packard come
onto campus to talk directly to students.
Note 1: Hanoi University of Science and Technology, 2020, “Master,” https://en.hust.edu.vn/master (accessed on 16
November 2020).
Note 2: Ho Chi Minh City University of Technology – Vietnam National University, 2020, “Master in Computer Science
(Cyber Security),” https://imp.hcmut.edu.vn/en/master-in-computer-science/(accessed on 16 November 2020).
Note 3: Le Quy Don Technical University, 2020, “Academic Porgram Postgraduate Studies,” http://fit.lqdtu.edu.vn/
educationlevel.aspx?code=sdh (accessed on 16 November 2020).
Note 4: University of Information Technology, 2020, “Master of Science in Information Technology” https://en.uit.edu
.vn/master-science-information-technology (accessed on 16 November 2020).
Note 5: Edith Cowan University, 2020, “Master of Cyber Security,” https://www.ecu.edu.au/degrees/courses/master-of
-cyber-security (accessed on 16 November 2020).
Note 6: National University of Singapore, 2020, “Master of Computing – Infocomm Security Specialisation” https://www
.comp.nus.edu.sg/programmes/pg/misc/(accessed on 16 November 2020).
Note 7: University of Birmingham, 2020, “Cyber Security Masters/MSc,” https://www.birmingham.ac.uk/postgraduate/
courses/taught/computer-science/cyber-security.aspx (accessed on 16 November 2020).
9Viet Nam national cybersecurity education capacity assessment
2.3 Doctoral programmes
Table 3: Catalogue of doctoral cybersecurity programmes
Programme Provider Description Country
title
PhD Hanoi University – 38 Doctoral programmes offered for Viet Nam
(Note 1) of Science and PhD study including information systems,
Technology computing engineering, and data communi-
cation and computer networks.
PhD Viet Nam – Intensive Direction of Research offered in Viet Nam
(Note 2) National modern information system security;
University HCMS information security on mobile devices;
C – University
network security and optimization.
of Information
Technology
PhD Australian – The National Security College at ANU PhD Australia
(Note 3) National programme develops experts in security
University policy with strong research skills.
– Students can choose a research area aligned
to cybersecurity.
PhD Nanyang – School of Computer Science and
(Note 4) Technology Engineering offered graduate research in
University cybersecurity.
Singapore – NTU is committed to providing state-of-
the-art training to enhance the knowledge
base in tackling fast emerging cybersecurity
research challenges.
– Cyber Security Research Centre @ NTU
fosters active participation with world
renowned faculty as well as researchers from
the industry and agency so as to facilitate a
vibrant research environment.
Doctoral De Montfort – The Cyber Security and Software United
Program University Technology Doctoral Training Program run Kingdom
(Note 5) Leicester at De Montfort University is led by academ-
ics from many disciplines across all faculties,
including psychology, law, English and com-
puter science.
– Indicative list of modules offered include:
foundations of cybersecurity;
cyber threat intelligence;
cyber engineering;
professional practice in forensics and secu-
rity;
approaches to the study of wellbeing;
cyber law and ethics;
research methods.
Note 1: Hanoi University of Science and Technology, 2020, “Ph.D,” https://en.hust.edu.vn/ph.d (accessed on 16
November 2020).
Note 2: University of Information Technology, 2020, “Doctorate in Information Technology” https://en.uit.edu.vn/
doctorate-information-technology (accessed on 16 November 2020).
10Viet Nam national cybersecurity education capacity assessment
Note 3: Australian National University, 2020, “PhD study,” https://nsc.crawford.anu.edu.au/study/graduate-degrees/
phd-study (accessed on 16 November 2020).
Note 4: Nanyang Technology University Singapore, 2020, “Graduate,” http://scse.ntu.edu.sg/Programmes/
ProspectiveStudents/Graduate/Pages/Graduate.aspx (accessed on 16 November 2020).
Note 5: De Montfort University Leicester, 2020, “Cyber Security and Software Technology Doctoral Programme,” https://
www.dmu.ac.uk/study/technology/doctoral-training-programme/cyber-security-doctoral-programme.aspx (accessed
on 16 November 2020).
2.4 Summary and benchmarking
Tables 1, 2, and 3 present undergraduate, postgraduate, and doctoral courses in cybersecurity
in Viet Nam: five at undergraduate level, four at postgraduate level, and two at doctoral level.
To provide benchmarks, courses offered in Australia, Singapore, and the United Kingdom are
also provided at each level.
Undergraduate level
– At the undergraduate level, higher education providers in Viet Nam offer specialist
cybersecurity degrees as well cybersecurity modules as part of engineering, science, or
information technology degree programmes.
– Curriculum at the undergraduate level focuses on computer science and information
technology skills as well as providing opportunities to study information security related
subjects.
– One provider curriculum includes Association for Computing Machinery (ACM) and the
Institute of Electrical and Electronics Engineers (IEEE) curriculum guidelines.
– Undergraduate programmes are predominantly coursework based, and three programmes
offer students the opportunity to complete a graduation thesis.
– Four of the five undergraduate programmes offer students practical and hands-on
experience through internships or industrial practice.
– One degree offers students the opportunity of completing the first two years in Viet Nam
and the final year at the University of Turku, Finland.
Postgraduate to doctoral level
– At the postgraduate level, higher education providers in Viet Nam currently offer
cybersecurity courses as part of computer science, engineering, information technology,
or science programmes.
– Programmes include a combination of coursework and research.
– One provider curriculum is compatible with the European Qualifications Framework (EQF).
– Programmes provide opportunities for targeted learning in cybersecurity subject areas
and are designed to meet industry needs and prepare students to work in multidisciplinary
environments.
– Two universities provide opportunities for students to pursue doctoral programmes in
research areas related to cybersecurity.
Benchmarking
International programmes can provide a benchmark for the future development of programmes
in information security in Viet Nam that could include:
– Developing cybersecurity as a standalone subject that is differentiated from computer
science and information technology at both undergraduate (e.g., degree in cybersecurity)
and postgraduate (e.g., masters in cybersecurity) levels.
11Viet Nam national cybersecurity education capacity assessment
– Offering students opportunities to pursue major/minor studies within different cybersecurity
specialization areas e.g., networking security and security management
– Incorporating both technical and non-technical subject areas as part of cybersecurity
programmes to ensure students can pursue a range of careers such as risk management,
systems analysis, cyber policy and management, incident response, threat analysis.7
– Looking for opportunities to partner with industry to ensure curriculum is up to date with
current technologies and trends e.g., University of West London partnership with Amazon
Web Services Academy as part of their BSc (Hons) Cyber Security programme.
– Exploring partnerships with international university providers for joint programmes.
– Exploring opportunities for students to achieve both domestic and international certification
as part of the completion of their studies.
– Include industry as part of the education experience e.g., inviting technology company
staff and cybersecurity professionals to present guest lectures to students.
– Continue to offer practical experiences as part of cybersecurity programmes through
internships and applied projects.
3 Education and training capacity assessment
This chapter presents cybersecurity education capacity in Viet Nam and includes assessments
of primary and secondary schools, higher education and research, professional training and
certification, public and executive awareness, administration and governance.
3.1 Primary and secondary school cybersecurity capacity
The past two decades have transformed education across Viet Nam following the implementation
of the National Education for All Action Plan 2003-20158 and, since 2008, by an increase in the
budget for education to 20 per cent of government spending.9 These actions have led to high
primary school completion rates and to the inclusion of increased numbers of girls in the primary
and secondary school system.
More recently, the need teach cybersecurity skills has been reflected in Prime Minister Decision
No. 893/QD-TTg in 2015 that approved a national programme on communication, awareness
and responsibility of information security to 2020, and which includes primary and secondary
school activities.10 As part of the national programme, the Ministry of Education and Training
(MOET) piloted the Youthspark Digital Inclusion (YDI) project,11 a digital skills and online safety
programme for primary and secondary school students. This programme was delivered with the
support of partners including Microsoft and VIETNET-ICT, a non-governmental organization.
The programme has be implemented across 12 provinces in Viet Nam, including 421 schools
7
Workforce Framework for Cybersecurity (NICE Framework): https://www.nist.gov/itl/applied-cybersecurity/
nice/nice-framework-resource-center (accessed on 16 November 2020).
8
https://www.globalpartnership.org/sites/default/files/2003-Vietnam-National-Education-For-All-Plan-2003
-2015.pdf (accessed on 17 November 2020).
9
Global Partnership for Education, 2020, Vietnam: https://www.globalpartnership.org/where-we-work/
vietnam#:~:text=Vietnam%20recognizes%20education%20as%20a%20national%20priority.&text=The
%20overall%20objectives%20of%20the (accessed on 17 November 2020).
10
Le, Van-Thang, Nguyen, Phuong-Lan, & Ngo, Quoc-Dung, 2019, Cybersecurity Maintenance in Vietnam in
4.0 ERA: http://www.interpa.org/Upload/editor/files/Quoc-Dung%20NGO.pdf (accessed on 17 November
2020).
11
Youthspark Digital Inclusion, 2020: http://youthspark.digitalskill.vn/tai_lieu/tai-lieu-huong-dan-giang-day
-an-toan-internet/(accessed on 17 November 2020).
12Viet Nam national cybersecurity education capacity assessment
and 800 teachers. The programme offers a range of e-learning resources to support teachers
in fostering knowledge and teaching methods in applied informatics and computer science,
as well as equipping students with IT skills.
MOET and VIETNET-ICT have also worked together to offer a broad range of computer science
and IT projects in Viet Nam including:
– hosting the Youth Internet Governance Forum (YIGF) alongside the Viet Nam Internet
Forum held in Hanoi in 2019, which provided an opportunity for young people in Viet Nam
to participate in policy debates related to building and protecting a digital economy for
all;12
– running a series of ICT Talks targeted at young people in Viet Nam as part of the NPO
Connect project;13
– facilitating an online Internet management course for participants of the YIGF that covered
a range of modules from the history of the Internet to network security and resilience.14
It was not possible to confirm via desk-based research whether cybersecurity has also been
incorporated as a formal part of the curriculum at either primary or secondary school level in
Viet Nam. Furthermore, it was also not possible to determine the current state of the availability
of primary and secondary school teaching staff with backgrounds or qualifications to teach in
ICT and cybersecurity subjects.
Current constraints
Despite the strong success of the past two decades in education reform, the following constraints
may impact the future development of primary and secondary school cybersecurity education
capacity in Viet Nam:
– Challenges remain for remote areas that have limited access to educational resources, and
which also have lower participation and completion rates for girls and ethnic minorities.
Such education disparity has the potential to contribute to the digital divide. 15
– The absence of cybersecurity related courses in primary and secondary schools may reduce
the development of knowledge, skills, and abilities that could drive interest in, and access
to, future cybersecurity careers.
– The lack of experienced and qualified primary and secondary school teachers may limit
the level of ICT and cybersecurity education.
3.2 Higher education and research capacity
Higher education programmes
In order to drive the development of human resources in cybersecurity (also referred to as
information safety and security (ISS)), the Prime Minister Decision No. 99/QD-TTg and Appendix
III of the Decision No. 99/QD-TTg approved a national programme and identified eight training
12
VIETNET-ICT, 2020: http://vietnet-ict.org/nang-cao-vai-tro-cua-thanh-nien-trong-quan-tri-internet/(accessed
on 17 November 2020).
13
VIETNET-ICT, 2020: http://vietnet-ict.org/category/chuong-trinh-du-an/npo-connect/ (accessed on 17
November 2020).
14
VIETNET-ICT, 2020: http://vietnet-ict.org/khoa-hoc-quan-tri-internet-online/ (accessed on 17 November
2020).
15
Global Partnership for Education, 2020: https://www.globalpartnership.org/where-we-work/vietnam
13Viet Nam national cybersecurity education capacity assessment
institutions to work in cooperation with MOET to build training frameworks, develop and share
curricula, and collaborate on joint research programmes in information security education:
1 Hanoi University of Science and Technology.
2 Military Technical Academy.
3 Academy of Cryptography Techniques.
4 Posts and Telecommunications Institute of Technology.
5 University of Information Technology, Viet Nam National University, Ho Chi Minh City.
6 University of Engineering and Technology, Viet Nam National University, Hanoi.
7 University of Science and Technology, University of Da Nang.
8 People's Security Academy.
As part of Decision No. 99/QD-TTg, the Authority of Information Security (AIS) has organized
an annual national conference to discuss and provide guidelines for these training institutions
to build their cybersecurity curricula.16
Further to the identification of key training institutions, Appendix IV of Decision No. 99/QD-TTg
established enrolment targets, with the objective of enrolling 1 800 cybersecurity undergraduates
by 2020 and sending 240 researchers on overseas training including 80 doctoral level and 50
master-level students. Desk-based research was unable to confirm if these targets have been
achieved.
As detailed in section 2 of this report, there are a range of existing programmes offered at
universities in Viet Nam that include cybersecurity such as the Bachelor in Cyber Security offered
at the University of Science and Technology of Hanoi. However, the majority of programmes in
Viet Nam incorporate cybersecurity modules as part of related degree programmes such as:
– Bachelor of Engineering (Information Security) at the Viet Nam National University HCMC,
University of Information Technology.
– Bachelor in Information Technology (Cyber Security Administration).
– Master in Computer Science (Cyber Security) at the Ho Chi Minh City University of
Technology.
– Master of Science in Information Technology (Information Security) Viet Nam National
University HCMC, University of Information Technology.
Opportunities are also available to pursue cybersecurity research and study at the doctoral
level. Examples of these opportunities include:
– Hanoi University of Science and Technology, which offers intensive direction of research
in information systems, computing engineering, and data communication and computer
networks.
– Viet Nam National University HCMC, University of Information Technology, which offers
intensive direction of research in modern information system security, information security
on mobile devices, and network security and optimization.
As part of planning for the next phase of the national programme that will build on the work
completed under Decision No. 99/QD-TTg from 2015-2020, the MIC has selected trade and
16
Authority of Information Security (AIS): https://ais.gov.vn/hoi-nghi-cac-co-so-dao-tao-trong-diem-ve-an-toan
-an-ninh-thong-tin-theo-de-an-%E2%80%9Cdao-tao-va-phat-trien-nguon-nhan-luc-atantt-den-nam-2020
%E2%80%9D.htm (accessed on 17 November 2020 in Vietnamese).
14Viet Nam national cybersecurity education capacity assessment
technical colleges to join the original eight institutions in order to further develop and expand
cybersecurity education in Viet Nam. These additional institutions include17:
– Ly Tu Trong College of Ho Chi Minh City (LTTC);
– Cao Thang Technical College;
– Can Tho Vocational College;
– College of Industry II;
– Vocational College High Technology Hanoi.
It was not possible to confirm via desk-based research whether national accreditation was in
place for higher education cybersecurity programmes. However, the public identification of
training institutions does provide insights to prospective students and employers as to which
institutions have been mandated by government to develop and deliver such programmes.
Desk-based research identified that at least one such institution utilized international curriculum
guides to inform their own programme curricula, with the Le Quy Don Technical University
indicating that the foundation of their undergraduate training builds on work from the ACM
and IEEE professional associations. Furthermore, desk-based research was unable to verify the
experience and qualifications of cybersecurity educators and the extent to which industry and
government cybersecurity professionals engage with the delivery of higher education.
Cybersecurity research
Further to the development of cybersecurity education in Viet Nam, Decision No. 99/QD-
TTg also detailed investment allocations in areas of cybersecurity research. This included the
upgrading of equipment and laboratories for cybersecurity-related research and international
research collaboration with reputable research institutions around the world.
Evidence of progress in cybersecurity research development includes:
– The establishment of the Bach Khoa Cyber Security Center under Decision No. 3148 / QD-
DHBK-TCCB in 2015, which researches and implements scientific projects, transfers new
technology to industry, and builds cooperation with domestic and foreign universities.18
– The Science and Technology Application Research Institute, which is part of the Viet Nam
Academy of Cryptographic Techniques, details research investment in cybersecurity as
a focus of the Institute, with the latest developments used in cybersecurity training at the
institute.19
– The completion of a government sponsored and led research mission during the period
2017-2019 focused on researching and building an information security reference
framework for e-government.20
– Cybersecurity research from the private sector, with BKAV technology corporation
developing a reputation locally and globally for leading cybersecurity products and
services through in-house research.21
17
Draft 2021-2025 MIC Information Security Training and Development Project Plan provided by the AIS.
Appendix 1.
18
https://bkcs.hust.edu.vn/gioi-thieu/about-us/(accessed on 18 November 2020).
19
http://actvn.edu.vn/vien-nghien-cuu-ung-dung-kh-cn-102.html (accessed on 9 December 2020).
20
Ministry of Science and Technology, 2019, https://most.gov.vn/vn/tin-tuc/16853/thong-tin-ket-qua-thuc-hien
-nhiem-vu-- nghien-cuu-- xay-dung-khung-tham-chieu-ve-an-toan-thong-tin-phuc-vu-chinh-phu-dien-tu-- ma
-so--kc-01-07-16-20.aspx (accessed on 9 December 2020).
21
https://www.bkav.com/about-us (accessed on 9 December 2020).
15You can also read
