1
INTRODUCTION
1. Rationale for the study
Currently, before the rapid development of IT, especially
computer network technology, internet and large databases, online
information websites in all fields have made the need to deploy the
computer network application system and communication increased
rapidly. Notably, when the world enters the Industrial Revolution 4.0, the
application of IT contributes to improving the efficiency of social
management, the quality of people’ material and spirit life; increasing
productivity, efficiency and economic growth. However, along with
these advantages, it has led to the situation of insecurity and IS that are
becoming more and more complicated. There are several existing risks
that seriously threaten the application of IT to serve socio-economic
development and ensure national defence and security. Thus, the IS is
considered as one of the "vital" factors, determining the existence, and
development of each individual, organization, socio-economic
development and national defence and security.
Thoroughly aware of that problem, in 2014, the Prime Minister
issued Decision No. 99 QD / TTg dated January 14, approving the
“Project on training and developing human resources for information
safety and security. in 2020", which clearly states: "Training and
developing human resources for safety and IS is one of the solutions to
ensure national digital sovereignty, mastering cyberspace, contributing to
protecting ensure national defence and security; is an important part of
the task of developing information technology human resources,
contributing to ensuring the successful implementation of the plan to
turn Vietnam into a strong country in terms of information and
communication technology”. Simultaneously, 7 key universities of the
country are assigned to carry out training on IS. Up to now, along with
the development, in our country there are 10 universities performing the

task of training human resources specialized in IS, including: Hanoi
University of Science and Technology, Public University Technology Hanoi National University, Posts and Telecommunications Institute of
Technology, Cryptography Technique Academy, Military Technical
Academy, People's Security Academy, Duy Tan University, IT
University - University Ho Chi Minh City Country, and FPT University.
Thoroughly grasping and implementing Decisions of the Prime
Minister, under the direction of the Ministry of Education and Training,
universities assigned to train in the field of IS have organized training
and determined to improve their effectiveness. Management of IS


2
industry is one of the important factors contributing to improving the
training quality of IS industry, as well as the comprehensive training
quality of each school. At the same time, it serves as the foundation for
the schools to train the contingent of human resources specialized in IS
with good quality and capacity to meet the requirements of the set
reality. However, from the practice, due to the fact that IS is a new
training industry, in the e-management at schools, in addition to the
advantages, there are still many difficulties and shortcomings, from
the stage of developing the plan, organize the implementation of the
training, and the development of faculty staff. This is both a reality,
but also a basic cause for the quality of training IS industry in schools
over time "is still low compared to the country's development
requirements in the new period; Career capacity of graduates has not
yet met the requirements of the job, the supply and demand of human
resources in the security industry, as well as the quality and
effectiveness of training in the security industry in schools have not
really met the social needs.
Besides, so far, in our country, there has not been any in-depth

research on management of IS at universities. From the abovementioned reasons, the author decides to choose the topic entitles
"Management of Information Security Training at Universities in the
Current Context" as his doctoral thesis.
2. Objectives and tasks of the study
Objectives
The thesis focuses on analysing and clarifying theoretical and
practical basis of TM on IS at universities; From there, propose
measures to manage the IS industry at the university in the current
context, contributing to improving the quality and effectiveness of TM,
as well as the quality of training security at universities to meet the
needs of safe human resources, and IS in the new context.
Tasks
Giving an overview of the thesis-related research works
Clarifying the theoretical basis of TM on IS at universities in the
current context.
Conducting surveys, analysing, assessing the current situation and
indicating the causes of the current situation of training and TM of IS at
universities today.
Proposing measures to TM of IS at universities in the current
context, conducting experiments and testing the proposed measures.


3
3. Object, subject, scope of the study and scientific hypotheses
Object
TM at universities in the current context.
Subject
TM of IS at universities in the current context.
Scope
In terms of content, the topic focuses on the study of TM in the

field of IS for undergraduate subjects at universities.
In terms of area, object and time of survey:
Areas of survey: The thesis conducted different surveys at 4
universities providing training on IS at university level in the whole country,
specifically: Posts and Telecommunications Institute of Technology,
University of Information Technology - Ho Chi Minh City National
University, Institute of Cryptography Technology, and FPT University.
Time of survey: the survey was conducted at universities is from
January, 2019 to March, 2019.
In terms of time range of data used in the thesis: data used for the
thesis has been compiled from 2015 to present.
Scientific hypothesis
Management of training in the field of IS at universities is a
decisive factor to the quality of human resources of IS industry in our
country today. Yet, the management of IS industry at schools in the past
time still has certain limitations and shortcomings. Accordingly, if the
universities solve problems such as: Organizing diversification of forms
of promotion, enrolment counselling for high school students and improving
the quality of enrolment in industry training ATTT; to develop a training
plan on sport security to ensure the science, closely follow specific
conditions at each school and the needs of developing human resources on
security of the country in each period; directing the standardization of
lecturing staff for teaching IT subjects and modules to meet the objectives
and requirements of training in IS industry; directing the innovation of
training programs and content in the field of IS in the direction of
approaching capacity and organizing cooperation and cooperation with
agencies and units that use IT human resources in training in IS industry.
Management results will be improved, contributing to improving the quality
of security training for schools to meet the requirements of human resources
security at set in the current context.

4. Research method and methodology
Research method
The thesis is based on dialectical materialism, historical
materialism of Marxism - Leninism, Ho Chi Minh thought; thoroughly
grasping the lines and views of the Communist Party of Vietnam on
Education and Training. Simultaneously, the thesis is based on the
following approaches:


4
* The system - structure approach
* The practical approach
* The training process approach
* The approach based on the CIPO model of training quality
management.
Methodology
The thesis makes use of the following methods: Methods of
theoretical research; practical research methods; Assaying and testing
methods, and supporting methods.
5. New contributions of the study
The thesis clarifies the theoretical basis for TM of IS at
universities. Specifically, it adds and clarifies the theoretical issues of
training in the field of IS at universities such as clarifying the concepts
and elements of TM at universities; pointing out the characteristics of
training in IS at universities; building the concept and analysing the
factors affecting the management of IS currently.
The thesis accurately and objectively assesses the current situation
of training and TM on IS in universities today. At the same time, it
proposes practical and feasible measures to manage the IS at
universities, contributing to improving the quality and efficiency of TM

of IS, as well as the quality of training the IS industry at universities in
the current context.
6. Theoretical and practical significance of the study
Theoretical significance
The thesis contributes to adding and developing the theory of training
and TM on IS at universities. In particular, the thesis seeks to propose
measures to manage the IS industry at universities in the current context.
Practical significance
The results of the thesis can be used as references for research,
teaching issues related to training and TM. Simultaneously, it helps each
university training in the field of IS to properly recognize the current
situation of training and management of the Department
of IS with the object of training at the university level today. The
thesis also helps universities to apply in practical management of IS
industry, thereby contributing to improving the quality and effectiveness
of TM of IS to meet the current management requirements.
7. The structure of the study
The thesis includes: Introduction, 4 chapters, Conclusion,
Recommendations, a list of scientific works of the author, a list of
references and appendices.
Chapter 1
AN OVERVIEW OF THE THESIS-RELATED RESEARCH
SITUATION


5
1.1. The works on training and training management at
universities
1.1.1. The research works overseas
Typical works: "Distance learning theory and practice" by Polat;

"The credibility of the credit hour: History, use and shortcomings of the
credit system - The credibility of credit hours: History, application and
limitations of the credit system" [128] by Heffernan Jame; "Academic
credit system in higher education" by Regel.O; "University training
program" by Tanner; "Higher education staff development for the 21st
century" by Mary Louise Kearney; "Curriculum: Foundations,
Principles, and Issues - Curriculum: Foundations, principles and
building policies" by Allan C. Ornstein; "School Development Planning"
by two authors are B. Davies and L. Ellison; "Quality Management and
Quality Assurance in European Higher Education" by Van Vught F.A
and Westerheijden D.F; "Standards and Quality in Higher Education" by
Brennan J., Vries p. & Williams R; "Total quality management in
Education" by Marmar Mukhopadhyay, etc. In general, these above
works by foreign authors are considered as the theoretical and practical
real basis for the author to inherit, develop and apply in the process of
fulfilling the aims and objectives of the thesis.
1.1.2. The research works in the country
In our country, there are many works on training at universities,
typically: "Teaching based on case studies at university" by Vu Thi Lan;
"Opportunities and challenges of Vietnam's higher education in the
globalization trend" by Vo Thi Phien; "Vietnam's higher education
before the requirements of radical and comprehensive innovation" by
Pham Thanh Khanh; "Structure of different types of higher education in
the national education system" by Dang Ba Lam, Phan Huu Tiet and
Nguyen Viet Hung; "Teaching based on case studies at university" by
Nguyen Thi Thu Lan; "Improving the management model of training
high-quality human resources for Vietnamese universities" by Trinh
Ngoc Thach; "Quality management training according to ISO 9001:
2000 in Vietnam Maritime University" by Nguyen Duc Ca; "The
management of training political theory lecturers to meet the current

renovation requirements" by Nguyen Thi Thu Thuy; and "Management
training cadres of Ho Chi Minh Pioneering Youth Team towards quality
assurance" by Nguyen Thu Muoi, etc.
1.2. The works on training, management training in the fields
of information technology at universities
In our country, there are several works on training and training
management of IT, such as: "Prioritizing the development of


6
technological human resources in our country during the period of
industrialization. modernization” by Dang Ba Lam and Tran Khanh
Duc; "Major solutions to develop science and technology human
resources for the cause of industrialization and modernization" by Pham
Van Quy; "Experience in developing information technology human
resources in Asia - Pacific" by To Chi Thanh; "Situation of high-tech
human resources in Vietnam" by Do Thi Ngoc Anh; "Development of
information technology human resources in Vietnam - Situation and
solutions" by Nguyen Thi Thanh; and "Innovating the information
technology training program according to international standards" by
Ngo Tu Thanh, etc.
The works on improving the quality of training the information
security at universities include: "Five solutions for developing human
resources for information security in university training" by Nguyen Van
Hien; "Solutions and management criteria quality of information
technology college training based on TQM approach” by Ngo Xuan
Binh; "Some solutions to develop science and technology human
resources in Vietnam today" by Duong Quynh Hoa; and "Managing the
process of training high-quality human resources at Hanoi High-Tech
Vocational College" by Khong Huu Luc, etc.

1.3. An overview of the thesis-related works and the issues
need further addressing in the thesis
1.3.1. An overview of the thesis-related works
First, the issue related to training at universities has been paid
attention to by several authors all over the world in many angles,
multidimensional and aspects. Especially, in our country, up to now,
these constructions have built up the concept of training in general and at
universities in particular with different approaches; specify the position
and role of training in universities to improve the quality of human
resources to meet the requirements of the society; pointing out the basic
contents and elements of the investment management; analysing and
clarifying the challenges, opportunities and requirements in training
innovation at universities in response to the development of the reality.
Second, the works on TM at universities in recent years has been
increasingly appreciated by domestic and foreign authors. In particular,
the works overseas have brought out the key issues in TM at schools.
There are several works researching some specific management models
in training and assessing the quality of schools or developing the
programs, the training content, and the staff. Especially, the domestic


7
works have confirmed the position, the role and the necessity of the
training management, which is a key issue that decides the quality and
effectiveness of TM at schools. There are a number of works on different
aspects in TM or applying management models into TM in each certain
school, object and scope.
Third, the works on TM of IT at universities recently have been
gradually studied. When discussing this issue, the works mainly
approach under the view of Education Management science to explain

and clarify some basic theoretical issues on management on IT. In
general, the works have clearly affirmed the position, role and the need
of training, training management of the IT industry in the current
context. Some initial works have made methodological requirements or
in-depth studies on some specific contents of TM of IT industry.
Besides, there are some initial works mentioned training and managing
the field of IT at universities such as: mentioning experience in training
in IS industry in some countries in the world; solutions to improve the
quality of training in IS at universities in our country today. The abovementioned issues are considered as important basis for the author to
inherit and apply during the process of conducting the thesis.
The facts show that IS is a new training industry in the IT field
that universities in our country are currently training. Along with that, up
to now, there are very few works on training management on security
industry. Related buildings have just stopped at the first step, mainly in the
suggestive form in works related to the IT industry without typical case
studies. There have not been any studies showing the characteristics of the
security information industry and the specific characteristics of e-learning
security management at universities; The thesis has not yet pointed out the
theoretical and practical issues, especially the proposed practical, highly
feasible measures and requirements in training management of information
security at universities, thereby contributing to ensuring to ensure the quality
of training on information security, as well as the quality of training at the
schools to meet the given objectives and requirements.
1.3.2. The issues need further addressing in the thesis
First, on the basis of the previous studies, the thesis continues to
conduct additional studies, clarifying the concepts related to training and
training management of IS at universities; specify the characteristics of
the security industry and the management of IS industry; analysing the
nature and indicating the contents and factors affecting the management
of IS at universities in the current context.



8
Second, of the works published previously, none of them has
specifically evaluated the current situation of training and training
management on IS at universities today. Thus, this thesis will continue to
evaluate the current situation of training and management of IS at universities
in the past recent years. By analysing the current situation and the causes, the
thesis specifies the requirements and obstacles in TM of IS at universities.
Third, the thesis proposes, analyses and clarifies the measures of TM of
IS at universities in the current context, appropriate to reality, the subjects, and
the training objectives. This is considered a core issue, not only contributing to
ensure that the quality of training in IS at schools relevant to the training goals,
but it is also important to ensure IT human resources, meeting the IT
development trends in the context of the Industry Revolution 4.0.
Conclusion of chapter 1
The studies related to training and TM at universities has been paid
due attention by several authors overseas and in the country. These works
are approached in a variety of angles and aspects, ensuring the complete,
systematic, scientific and intensive sense. Yet, the facts show that IS is a new
training industry in the field of IT on offer at universities. Along with that,
up to now, there have been no works on TM of IS at universities under the
perspective of Education Management with systematic and scientific sense.
Therefore, the literature review of the works published previously will
contribute to create a reliable foundation for the author to conduct the
doctoral thesis namely "Management of Information Security Training at
Universities in the Current Context”.
Chapter 2
THE THEORETICAL BACKGROUND FOR THE
TRAINING MANAGEMENT OF INFORMATION SECURITY AT

UNIVERSITIES IN THE CURRENT CONTEXT
2.1. The theoretical issues of training and information security
at universities
2.1.1. The concept of training and the components making up
the training process at universities
2.1.1.1. The concept of training at universities
Training at universities is seen as a process of purposeful and
organized impact of pedagogical forces in each school to learners to
form and promote learners’ competence in accordance with the set
objectives and the requirements of training.
2.1.1.2. The components making up the training process at
universities


9
First, the objectives of training. Second, the contents of training.
Third, the methods of training. Fourth, the form of training organization.
Fifth, the teachers. Sixth, the students. Seven, the facilities and teaching
techniques. Eighth, the results of training.
2.1.2. The concept and characteristics of training information
security at universities
2.1.2.1. The concept of information security and training of
information security at universities
* The concept of information security
Information security is defined as the protection of digital
information and information systems against natural hazards, acts of
illegal access, use, dissemination, sabotage, modification and destruction
to ensure information systems perform properly and serve the right
subjects in a ready, accurate and reliable manner.
* The concept of training information security at universities

Training IS at universities is a purposeful and organized process of
pedagogical forces at schools to formulate and promote learners’
competencies, knowledge, and skills appropriate to the identified
objectives and requirements of training in IS.
2.1.2.2. The characteristics of training information security at
universities
First, IS is a training industry with its increasing position and role
in modern society.
Second, the objective of training in the security industry focuses
on helping learners gain knowledge, analytical skills, and solve
problems related to network information security and confidentiality.
Third, the training programs and contents are designed and built in
the direction of being highly practical and in line with the development
of information technology.
Fourth, the teaching staff participating in information security
training at universities are diverse and plentiful, but account for the
majority of lecturers specialized in information technology.
Fifth, the students of Information Security training are strictly
selected according to their own criteria and are entitled to particular
preferential treatment.
Sixth, the mechanism of training organization and facilities ensure
the training of information security with peculiar traits.
2.2. The theoretical issues on management of information
security training at universities


10
2.2.1. The concept of management of information security
training at universities
Management of training in IS at universities is the purposeful,

planned impacts, which are suitable to the educational management
function of the management of IS. Accordingly, it helps to organize and
control this process in line with the rules of education, the efficiency, the
goals and requirements.
2.2.2. The approach based on the CIPO training
quality management model in training management
of information security at universities
From the above-mentioned issues, it can be seen that the approach
based on the model of CIPO training quality management in training
management of information security at universities includes the
following basic issues:
First, the impact of the context. Second, the management of the input.
Third, the management of the process. Fourth, the management of the output.
2.2.3. The content of management training in information
security industry at universities
First, organizing training activities for information security industry.
Second, developing an information security training plan.
Third, promoting the development of programs, content and forms
of organization of information security training.
Fourth, managing lecturers participating in training in Information
Security and students of Information Security.
Fifth, managing the conditions and training environment for
Information Security.
Sixth, managing the training results in Information Security.
2.3. The factors affecting the training management of
information security at universities
First, the impact from the requirements of education and training
innovation and the Party and State’s guidelines and policies on
information technology training at universities.
Second, the impact from the characteristics of the current

situation, especially the strong development of information technology.
Third, the impact of the need for innovation in training
management at universities presently.
Fourth, the impact of the attention of the whole society, especially
the education, to the task of training information security at universities.


11
Fifth, the impact from the quality and capacity of managers and
lecturers at schools.
Sixth, the impact from the students’ input quality of at schools.
Seventh, the impact from experience in training management in
the fields of information technology and information security at schools.
Conclusion of chapter 2
Management of training in IS at universities is the impact with
purpose and plan, appropriate to the educational management function of
the management subject to the training process of IS, in accordance with
the laws of education, with optimal effectiveness and achievements. To
effectively address that problem, the schools need to be thoroughly
aware of the position and the role of training in information security,
defining characteristics of training in information security at universities
presently. Besides, it is necessary to indicate the issues in management
of information security at universities such as: the subjects, the objects,
the methods, and the tools in management; identifying the specific
content in TM of IS. Especially, it is necessary to indicate the factors
affecting the management of information security at universities. On that
basis, appropriate measures to TM of IS are proposed in accordance with
practical conditions and the characteristics of each specific school.
Chapter 3
PRACTICAL BASIS FOR MANAGEMENT

OF INFORMATION SECURITY TRAINING
AT UNIVERSITIES IN THE CURRENT CONTEXT
3.1. An overview of the universities training information
security currently
3.1.1. An overview of the training objective
3.1.2. An overview of the organizational structure
3.1.3. An overview of the subject, the teaching staff and the
facility of training
3.2. The method of conducting surveys and evaluating the
current situation
It includes the following issues: The purpose of the survey; the
content of the survey; the object, area, time of the survey; the method of
conducting the survey; and the method of processing data.
3.3. The current situation of training security information at
universities presently
The evaluation of the current situation of training at universities is
carried out on the following basic contents:
First, the current situation of developing curricula and content of
information security training.


12
Second, the current situation of the methods and forms of
information security training.
Third, the current situation of checking and evaluating the results
of information security training.
3.4. The current situation of management of information
security training at universities presently
The current situation of TM of IS at universities is implemented
on the following contents:

First, the current situation of organizing training enrolment
activities in information security
Second, the current situation of developing the plan of information
security training
Third, the current situation of directing the formulation of
programs, contents and using methods and forms of organizing
information security training.
Fourth, the current situation of managing lecturers participating
information security training and students of information security.
Fifth, the current situation of management of conditions and the
environment of information security training.
Sixth, the current situation of managing the results of information
security training.
3.5. The current situation of the factors affecting the training
management of Information Security industry at universities today
The assessment of the current situation of the impacting elements
is implemented on the following contents:
First, the current situation of the impact from the innovation
requirements of education and training; the Party and the State’s
guidelines and policies on training IT human resources at universities.
Second, the current situation of the impact of the characteristics of
the current context, especially the IT powerful development.
Third, the current situation of the impact from the requirements of
training management innovation at universities presently.
Fourth, the current situation of impact from the attention of the
whole society, especially of the Education sector, to the task of training
the field of Information Security at universities.
Fifth, the current situation is affected by the quality and capacity
of managers and lecturers at schools.
Sixth, the current situation of the impact from the input quality of

the students of information security at schools.


13
Seventh, the current situation of the impact from experience in
training management of IT and IS and at schools.
3.6. General assessment of the current situation and the causes
of the current situation of information security training
management at universities presently
3.6.1. General assessment of the current situation of
information security training management at universities presently
3.6.1.1. The advantages
In general, the universities have gradually implemented the contents
of TM of IS. They have defined the conditions, the standards and the
procedures of the enrolment ARE training. Thus, the quality of IS training at
schools has been gradually in line the requirements of the reality.
3.6.1.2. The limitations and shortcomings
In giving directions and organizing enrolment activities, the forms
and methods of admissions counselling organizations are not really
various and diverse and close to the practical situation. The training plan
sometimes was not harmonized with that between classes in the same
course or other training subjects. In directing the formulation of programs,
content and use of training forms and methods, it is still not really
scientific, uncompromising and has not created a widespread and
consensus in awareness in all forces involved. The schools have not really
focused on buying modern computer systems to serve the practical needs
of students. Besides, in managing training results, some schools have not
focused on grasping the quality of students after graduation; at times, it
has not updated and promptly handled necessary data related to the
training quality of IS on the mass media and on websites of each school.

3.6.2. The causes of the current situation of information security
training management at universities today
3.6.2.1. The causes of the advantages
First, in training in general, TM of IS in particular, universities
always receive the due attention, leadership, and guidance from the
Ministry of Education and Training in all aspects, especially in creating
conditions for budget sources, facilities and specific mechanisms for
universities to have many advantages in TM of IS.
Second, due to the unique characteristics of IS, the new training
industry, mechanisms and policies of IS in TM as well as after
graduation, have higher priority for many other subjects, so the quality
of selecting "input" sources is increasingly higher than other specialties.
Third, TM of IS has several favourable conditions to take
advantage of the facilities of other objects at schools. The Board of


14
Directors and administrators at all levels of schools have appropriate
decisions to direct organizations and forces to focus all resources to
invest, purchase technical equipment for teaching, building
infrastructure, and prioritizing human resources.
Fourth, the contingent of administrative officers and lecturers
participating in IS training are those who have good political qualities,
morality, and health with relevant qualifications, expertise, competence
and experience in management and other skills to successfully fulfil
every task assigned.
Fifth, each university training in IS knows how to study and learn
the models of training management in other specialties, especially the
majors in the field of IT at its university, as well as other universities in
and outside the country. , from there, apply appropriately and creatively

into specific conditions of training scale, as well as the training
objectives of IS.
3.6.2.2. The causes of the limitations and shortcomings
First, there is little experience in the direction, organization,
management and administration of IS at each school, especially in
directing, implementing and developing the training program and
ensuring facilities and conditions for TM.
Second, the current mechanism of the Ministry of Education and
Training relating to training in the field of IS at universities is
inadequate. Thus, it has not really created a driving force in attracting
students to study or promoting the activeness and initiative of
administrators and lecturers.
Third, universities are in shortage of the number of specialized
lecturers specialized in the field of IS such as: Information technology
monitoring techniques or Network security. On the other hand, the
quality of the teachers participating in IS training at some schools is
uneven and there is a certain gap compared to teachers specialized in
other divisions.
Fourth, each school has not fully promoted its initiative and creativity
in exploiting the support of all levels, branches, organizations and forces of
the whole society, especially in investment, funding and grassroots
supporting material and technical facilities in service of IS training.
Fifth, schools have not built a recruitment mechanism that is
really close to the real situation, so it has not attracted many candidates
with quality and ability to register for admission into the field of IS; the


15
quality of input remains limited compared to that of other training
majors at each school.

Conclusion of chapter 3
Based on the different research methods, this chapter has
conducted research and clarified the current situation of training
management of IS at universities presently. On that basis, it can be
affirmed that: Besides the initial results, there remain several limitations
and inadequacies in every stage and every step such as: training and
directing the formulation of training programs, contents, forms and
methods; management of lecturers and students. In order to overcome the
above-mentioned limitations and shortcomings, the subject of
management of information security at schools should be aware of the
current situation of training and management of IS. Simultaneously, it
defines the causes of these situations. Based on the above works, each
school needs to promote and implement measures in accordance with its
training and practical characteristics. By so doing, it can ensure that TM of
IS is achieved appropriate to the goals and the plans, which contribute to
improving the quality of training to meet the requirements of the reality.
Chapter 4
MEASURES, EXPERIMENTS, AND TESTING MEASURES
FOR MANAGEMENT OF INFORMATION SECURITY
TRAINING AT UNIVERSITIES
IN THE CURRENT CONTEXT
4.1. Measures of managing information security training at
universities in the current context
4.1.1. Diversify different forms of promotion, enrolment
counselling for high school students and improve the quality of
enrolment in training information security
This measure has an important position and role, which
directly enhances the quality of "input" on the security industry in
schools. In order to implement this measure, the following issues
should be taken into consideration: First, the universities should

make a comprehensive announcement of the quality, the
information and the activities of training information security on
social networks and through the mass media. Second, different
related Departments of Education and Training in provinces,
cities, employers, high schools should be coordinated in order to
carry out propaganda activities and give students advice on
training enrolment in IS. Third, each school should develop and


16
implement an annual IS training enrolment program in accordance
with the needs, the potentials and the capabilities of training.
Fourth, the admission procedures and regulations should be
strictly followed to ensure the objectivity, accuracy and fairness in
selecting the right student.
4.1.2. Plan the information security training to ensure the sense
of science, adhering to specific conditions in each school and the
country's demand for human resources development in each phase
This measure is vital to help schools develop a training plan on IS
that ensures the science, comprehensiveness, relevant to specific
characteristics and conditions of each school and meeting the country's
requirements on promoting human resources for IS. At present, there are
many different types of training plans on information security at
universities such as: General training plan in training for all subjects of
training in security industry, plan of each course, school year, semester,
and each learning session. Therefore, the nature of this measure confirms
that the subjects that develop the training plan must renew in awareness
to build and organize the implementation of the training plan.
Accordingly, they must determine that the innovation of building a
training plan on IS is a necessary and decisive work to the quality of the

training of IS human resources at schools. In the process of formulating
a plan, it is necessary to thoroughly grasp the training plan issued by the
Ministry of Education and Training; perform synchronously and
systematically from each school to each agency, unit, from organization
to each and every single person.
Besides the above-mentioned points, in developing the training
plan for IS, all subjects must know how to adjust the plan closely to the
practical situation. On that basis, the training plan that has been
formulated and approved by all levels must be adjusted and
supplemented to be in line with the practice. This requires all
stakeholders to grasp all developments in the plan, especially the
changes in the Party, the State’s guidelines and views by the Ministry of
Education and Training in security industry.
4.1.3. Standardize the teaching staff of information technology
and modules to meet the objectives and requirements of information
security training
This measure is of paramount importance, which directly helps
the school to build the core teaching staff in training IS, meeting the
requirements of quality and fulfilling every task assigned. To


17
implement this measure, the following issues need to be addressed:
First, universities need to build and promulgate standards in terms of
quantity and quality of lecturers to ensure conformity with
requirements of each school as a basis for selecting, training, fostering,
using and evaluating the teaching staff. Second, favourable conditions
should be created for the teaching staff in information technology to
complete the different titles of teachers. Third, each school regularly
organizes training and retraining courses for lecturers who teach

information technology. Fourth, promote scientific research activities
for lecturers who teach information technology.
4.1.4. Renew the programs and contents of information security
training in the capacity-based approach
This measure is crucial to ensure that universities can develop
programs and content of information security training to meet the
development of education, the needs and requirements of the
society. Accordingly, it aims at assisting learners to have the
appropriate attitude, knowledge and skills to be able to meet the
career requirements after graduation. The direction of renovating
the curriculum and training content of the information security
industry based on capacity approach is the primary and direct
responsibility of each university. On that basis, the main content of
this measure confirms that universities should rely on outputs as a
standard to develop the programs and the contents of training. That
means changing from a traditional way of building programs and
content in a way that emphasizes what students need to know to a
completely new program. Besides implementing a comprehensive
development objective of personality qualities, programs, training
content based on competency-based approach, it will help students
train in IS to be more proactive to meet the requirements set out,
appropriate to each individual, as well as attached to the needs of
the labour market.
4.1.5. Cooperate with agencies and units that use information
technology human resources in training information security
This measure is vital and necessary based on the principle of
"every party concerned gets benefit". The implementation of this
measure will directly contribute to promoting the role of the entire
society, especially organizations, businesses and units that use IT human
resources, including IS favourable conditions for universities to

effectively implement the stages and steps of the training process on IS,


18
thereby contributing to improving the quality of training IS to meet the
set requirements. In order to implement this measure, the following
issues need to be addressed: First, each school must be flexible in
selecting agencies and units that use information technology human
resources. Second, formulate, perfect and unify internal regulations on
cooperation with agencies and units that use information technology
human resources. Third, schools should be proactive in diversifying
forms and methods in cooperative organizations, associating with
agencies and units using information technology human resources.
Fourth, schools should regularly provide information security training to
different related agencies and units.
4.2. Test the necessity and the feasibility of the measures
The testing is carried out by the method of asking for consistence
of 05 experts on educational sciences; 12 managers who are presidents
and vice presidents of 4 universities. 260 survey questionnaires for
evaluation of all subjects who are experts in the study of Education
Science, Management Officers and Teachers about the necessity and
feasibility of the proposed measures on a 5-level scale transfer
quantitatively from 1 to 5 points.
To get the result, the following formula is made use of:

X =

∑

ni xi

n

Of which: X is the average score
xi is the score given for each content xi∈{1,2,3,4,5}
ni is the number of people giving the corresponding content points
n is the total number of participants, specifically n = 260.
With the above calculation method, the maximum point of the
scale is 5 (max) and the minimum point is 1 (min). Thus, the average (

X ) of the levels will be in the range 1 ≤ X ≤ 5.
Based on the survey questionnaire, the content of the evaluation
card includes two aspects: the necessity and feasibility of the proposed
measures evaluated and assigned points for 5 levels:
Very necessary/ Very feasible: 5 points
Quite necessary/ quite feasible: 4 points
Necessary/ feasible: 3 points
Little necessary/ little feasible: 2 points
Unnecessary/ not feasible: 1 point


19
The average points of the measures are based on to assess the
necessity and feasibility of the proposed measures. After the average
score of the survey subjects will apply the formula of calculating the
range of points to synthesize, classify according to the necessity and
the feasibility.
The formula for calculating the range of points:
Of which, L: is about point; n: for the degree of division (1-5), we
have the necessary and feasible levels as follows:
Level 1: Very necessary / Very feasible: X = 4,2 ÷ 5,0 points

Level 2: Quite necessary / Quite feasible: X = 3,4 ÷ < 4,2 points
Level 3: Necessary / Feasibility: X = 2,6 ÷ < 3,4 points
Level 4: Less necessary / Less feasible: X = 1,8 ÷ < 2,6 points
Level 5: Unnecessary / Not feasible: X = 1,0 ÷ < 1,8 points
After the survey results are obtained, synthesizing and processing
information by statistical mathematical methods according to the
identified criteria.
After the results of the investigation are conducted, synthesizing
and processing information by statistical mathematical methods
according to the identified evaluation criteria.
With the above calculation, the result is shown in the following
table: [Table 4.1].
Table 4.1. The results between the necessity and the feasibility of
the measures
Necessity
Feasibility
Measures
di
Rs
Level
Level
X
X
Measure 1
4.977
4
4.973
5
-1
1

Measure 2
4.992
1
4.992
1
0
0
Measure 3
4.988
2
4.988
2
0
0
0,9
Measure 4
4.984
3
4.984
3
0
0
Measure 5
4.965
5
4.977
4
1
1
Overall

4.981
4.968


20
Source: Summary of survey results
With the above calculation, after researching and calculating, we
obtained the results: X the necessity is 4.981 and X the feasibility is
4,968 at the same time, based on the use of statistical mathematical
methods, they I obtained the correlation results between necessity and
feasibility. From this result, we assert: the measures proposed by the
thesis are necessary and highly feasible. If the proposed measures ensure
the necessity, then they also ensure the feasibility.
4.3. The experiments of the measures
* Because of the conditions and limited time, the thesis only tested
measure 4: "Direct the innovation of the programs and content of
information security training in the direction of capacity approach".
* The contents of the experiment
First, testing the direction and implementation of the training
frame training program in the field of information security in the
direction of approaching capacity and promulgating the implementation
of that program in certain university.
Second, based on the results of the built framework program, the
author chooses the issue of developing training content in the direction
of approaching the capacity of measure 4 through the design of lesson
plans and teaching according to the built content.
* The scope of testing
It is tested at the Cryptography Technical Academy.
* The object of testing
For the direction and implementation of the formulation and

promulgation of framework programs: The test subjects are mainly the
subjects of TM at the Institute of Cryptography Technology, including
leaders, managers, Training Departments and Teaching Departments.
For building the training content based on competency-based
approach: The test subjects are teachers of the Department of Internet
safety technology and electronic transactions (e-commerce safety
module management) and the Department of cyber security technology
(management of cloud computing safety module) and the 4th year
students (2014-2019) trained civil system, 5-year time, university-level


21
specialized in IS belongs to 2 classes of AT12, namely L05 and L06. A
total of 120 students participated in the test.
* The method of testing measurement
For the direction and implementation of the formulation and
promulgation of training frame program on security industry in the
capacity-based approach
Through the program of results of training frame program on
information security in the direction of capacity development, the
measurement was made according to the following indicators: the
similarities and differences between the newly built framework program
and the framework program that the Academy Cryptographic techniques
are used on the issues: Number and name of subjects, modules; total
number of periods; details of theory, practice, exercises, schedule of
program development time ... from which to draw conclusions about the
direction of the Director of the Academy, the unity in awareness of the
related organizations and forces throughout the school in the process of
directing and carrying out the formulation and promulgation of a training
program on the field of food security in the direction of approaching

capacity. Accordingly, it is used as a basis for conducting training
content testing in the direction of the capacity-based approach and
conclusions are drawn.
For building the training content in information security in the
direction of the capacity approach
Criteria for evaluating test results: To assess the effect of
experiments (effectiveness of lectures), based on 2 basic criteria:
Criterion 1: Assess the progress of students' attitudes, activeness
and initiative in learning.
Criterion 2: Assessment of academic progress (knowledge and skills)
- Method of measurement: The measurement and evaluation of test
results are conducted in 2 rounds:
Round 1, measuring students 'progress in positiveness and
initiative in learning: To measure students' progress in positiveness and
initiative in learning (mainly by qualitative method) method of
pedagogical observation by observing attitudes and behaviours and
combining with exchange, seminar, contact with students in the learning
process; evaluate learning products such as: results recorded in class,


22
quality of prepared reports and discussion results, exercises, harvest,
curriculum test, test results .
Round 2, measure the progress of learning results (knowledge,
skills): To measure the progress of academic results, conduct student
assessment through the ability to comprehend and handle learning
situations practice right in the lecture, in self-study exercises, in
discussions, in taking tests. This is most evident in the statistics of test
results and test of student assignments at the end of the test.
Each exercise is scored on a 10-point scale, divided into 4 grades:

good (score 9 to 10), fair (from 7 to 9), average (from 5 to 7), weak
(from 1 to close 5).
*.The results of testing
- For the direction and implementation of the construction and
promulgation of training frame program on IS in the direction of
approaching competency: The training program on IS is built in the
direction of approaching capacity compared to the framework
program. The orientation was mainly focused on forming and
developing capacity for students. The program is scientifically
designed, with a clear division of knowledge blocks. This program
has overcome the limitations of the old program such as spreading,
academicism in knowledge blocks. The program is suitable to the
standard output framework of IS training.
- For building the training content in the direction of the
capacity-based approach: After tested, students trained in IS has had a
comprehensive development in terms of learning attitudes, knowledge
and skills. The variables related to capacity development of the test
class are strictly controlled, objective and serious. This results show
that the effectiveness of the experimental impact measures help
students improve their ability to meet the goals of training
requirements. Through this testing result, it can be confirmed that: The
measures proposed by the thesis are necessary and feasible with their
high quality and reliability.
Conclusion of chapter 4
In order to improve the effectiveness of TM in IS at universities in
the current context, the thesis seeks to propose 5 measures of TM of IS at
universities in the current context, namely: 1) diversify the forms of


23

advertisement, enrolment advisories for high school students and improve
the quality of enrolment in training in the security industry. 2) Promote a
training plan for the field of IS to ensure the science, closely follow
specific conditions in each school and the needs of developing human
resources in the security sector in each period. 3) Standardize the teaching
staff in teaching subjects in the IT field to meet the objectives and
requirements of IS training. 4) Renew the training programs and content in
the field of food security with a competency-based approach. 5) cooperate
with agencies and units using IT human resources in IS training.
Based on the 5 proposed measures, the thesis has tested the
necessity and feasibility of the measures. The testing process is
conducted in accordance with the process of educational management
science. The testing results are based on quantitative and qualitative
analysis and the have primarily proved that the proposed measures
are crucial and feasible; appropriate with the reality of different
university presently.
CONCLUSIONS AND RECOMMENDATIONS
1. Conclusions
In the current period, the implementation of TM of IS at
universities is a requirement, a task and a solution. By giving an
overview of the previous works related to training and training
management of IT at universities overseas and in the country, the thesis
proves itself to be is a non-duplicated scientific work with any works
published previously; Simultaneously, the thesis also inherits and
develops these works to fulfil its objectives and aims.
The thesis has analysed the theoretical basis of TM of IS at
universities; conducting several surveys, and analysing the current
situation of training and training management on IS at universities.
Accordingly, it can be concluded that: besides the achievements,
there remain several limitations and shortcomings at every stage

and every management content such as: in developing training
plans; improving teachers’ knowledge and pedagogical capacity,
program management, content, methods and related conditions. It is
considered as both the current situation and the cause leading to the
fact that the quality of IS training fails to meet the goals and the
requirements in the current context.


24
In order to overcome the above problems, as well as contribute
to improving the quality and effectiveness of e-management, the
thesis proposes 5 different measures, namely: 1) diversifies the forms
of advertisement, enrolment advisories for high school students and
improves the quality of enrolment in training in the security industry.
2) Promote a training plan for the field of IS to ensure the science,
closely follow specific conditions in each school and the needs of
developing human resources in the security sector in each period. 3)
Standardize the teaching staff in teaching subjects in the IT field to
meet the objectives and requirements of IS training. 4) Renew the
training programs and content in the field of food security with a
competency-based approach. 5) cooperate with agencies and units
using IT human resources in IS training.
Additionally, in order to assess the correctness, feasibility, and
effectiveness of the measures, measure 4 has been conducted at Institute
of Cryptography Technology. After the testing process, by analysing
results both qualitatively and quantitatively, it can be concluded that the
proposed measures are reliable, necessary and feasible. If the related
subjects of TM of IS at universities accomplish 5 measures mentioned
above, the quality and effectiveness of TM of IS at schools will be
improved, meeting the objectives and requirements set out and the

quality of training in the current context.
2. Recommendations
In order for the thesis to be effectively applied in the reality, the
thesis’s author has proposed 5 recommendations to the Ministry of
Education and Training; 6 recommendations to universities with IS training.