The UK’s Oxford, Cambridge and RSA (OCR) exam board has drafted a new GCSE Computer Science course with a major focus on cybersecurity.
The OCR said the proposed curriculum would cover “phishing, malware, firewalls and people as the ‘weak point’ in secure systems,” as well as “the ethical and legal concerns around computer science technologies.”
The OCR has also partnered with tech firm Codio to offer students a cloud-based programming and course content platform, which at the same time will provide teachers with a resource to boost their computer science knowledge and skills.
The coalition government took a major step towards reducing chronic skills gaps in the IT industry by making computing a compulsory part of the curriculum last year, and moving courses away from a focus on using applications towards how to create them.
According to (ISC)2, the number of security professionals globally reporting their organization has “too few” IT security pros has grown from 55.9% in 2013 to 62.2% this year.
OCR’s draft proposal for the new Computing Science GCSE will be submitted to regulator Ofqual and published in full next week. If successful, teaching will begin in September 2016.
James Lyne, global head of research at Sophos, claimed the addition of a cybersecurity element to the GCSE curriculum is “long overdue” but that the list of topic areas shared by the OCR “should help build every individual's awareness of what they need to do to stay safe.”
“Combined with the programming design, thinking aspect of the course, it should allow those who move on to technical careers to write better quality code and avoid some of the security issues we see today,” he added.
“Cybersecurity is a topic that every member of society needs to be exposed to, even if it is only knowing enough to do the basics to keep safe online, but GCSE is a good time to provide a specific focus. It is refreshing to see security recognized as a key supporting skill for the future of the UK economy and we hope that this change makes the career path to being a cybersecurity professional clearer. This is a welcome change, but there is still plenty more to be done.”
Brian Spector, CEO at cybersecurity firm CertiVox, also welcomed the announcement.
“However, for it to be effective, it has to be ongoing,” he added. “Threats change constantly and while some of them may be subtle changes, they can easily catch people out.”