1 INTRODUCTION Rationale for the study Currently, before the rapid development of IT, especially computer network technology, internet and large databases, online information websites in all fields have made the need to deploy the computer network application system and communication increased rapidly Notably, when the world enters the Industrial Revolution 4.0, the application of IT contributes to improving the efficiency of social management, the quality of people’ material and spirit life; increasing productivity, efficiency and economic growth However, along with these advantages, it has led to the situation of insecurity and IS that are becoming more and more complicated There are several existing risks that seriously threaten the application of IT to serve socio-economic development and ensure national defence and security Thus, the IS is considered as one of the "vital" factors, determining the existence, and development of each individual, organization, socio-economic development and national defence and security Thoroughly aware of that problem, in 2014, the Prime Minister issued Decision No 99 QD / TTg dated January 14, approving the “Project on training and developing human resources for information safety and security in 2020", which clearly states: "Training and developing human resources for safety and IS is one of the solutions to ensure national digital sovereignty, mastering cyberspace, contributing to protecting ensure national defence and security; is an important part of the task of developing information technology human resources, contributing to ensuring the successful implementation of the plan to turn Vietnam into a strong country in terms of information and communication technology” Simultaneously, key universities of the country are assigned to carry out training on IS Up to now, along with the development, in our country there are 10 universities performing the task of training human resources specialized in IS, including: Hanoi University of Science and Technology, Public University Technology Hanoi National University, Posts and Telecommunications Institute of Technology, Cryptography Technique Academy, Military Technical Academy, People's Security Academy, Duy Tan University, IT University - University Ho Chi Minh City Country, and FPT University Thoroughly grasping and implementing Decisions of the Prime Minister, under the direction of the Ministry of Education and Training, universities assigned to train in the field of IS have organized training and determined to improve their effectiveness Management of IS industry is one of the important factors contributing to improving the training quality of IS industry, as well as the comprehensive training quality of each school At the same time, it serves as the foundation for the schools to train the contingent of human resources specialized in IS with good quality and capacity to meet the requirements of the set reality However, from the practice, due to the fact that IS is a new training industry, in the e-management at schools, in addition to the advantages, there are still many difficulties and shortcomings, from the stage of developing the plan, organize the implementation of the training, and the development of faculty staff This is both a reality, but also a basic cause for the quality of training IS industry in schools over time "is still low compared to the country's development requirements in the new period; Career capacity of graduates has not yet met the requirements of the job, the supply and demand of human resources in the security industry, as well as the quality and effectiveness of training in the security industry in schools have not really met the social needs Besides, so far, in our country, there has not been any in-depth research on management of IS at universities From the abovementioned reasons, the author decides to choose the topic entitles "Management of Information Security Training at Universities in the Current Context" as his doctoral thesis Objectives and tasks of the study Objectives The thesis focuses on analysing and clarifying theoretical and practical basis of TM on IS at universities; From there, propose measures to manage the IS industry at the university in the current context, contributing to improving the quality and effectiveness of TM, as well as the quality of training security at universities to meet the needs of safe human resources, and IS in the new context Tasks Giving an overview of the thesis-related research works Clarifying the theoretical basis of TM on IS at universities in the current context Conducting surveys, analysing, assessing the current situation and indicating the causes of the current situation of training and TM of IS at universities today Proposing measures to TM of IS at universities in the current context, conducting experiments and testing the proposed measures 3 Object, subject, scope of the study and scientific hypotheses Object TM at universities in the current context Subject TM of IS at universities in the current context Scope In terms of content, the topic focuses on the study of TM in the field of IS for undergraduate subjects at universities In terms of area, object and time of survey: Areas of survey: The thesis conducted different surveys at universities providing training on IS at university level in the whole country, specifically: Posts and Telecommunications Institute of Technology, University of Information Technology - Ho Chi Minh City National University, Institute of Cryptography Technology, and FPT University Time of survey: the survey was conducted at universities is from January, 2019 to March, 2019 In terms of time range of data used in the thesis: data used for the thesis has been compiled from 2015 to present Scientific hypothesis Management of training in the field of IS at universities is a decisive factor to the quality of human resources of IS industry in our country today Yet, the management of IS industry at schools in the past time still has certain limitations and shortcomings Accordingly, if the universities solve problems such as: Organizing diversification of forms of promotion, enrolment counselling for high school students and improving the quality of enrolment in industry training ATTT; to develop a training plan on sport security to ensure the science, closely follow specific conditions at each school and the needs of developing human resources on security of the country in each period; directing the standardization of lecturing staff for teaching IT subjects and modules to meet the objectives and requirements of training in IS industry; directing the innovation of training programs and content in the field of IS in the direction of approaching capacity and organizing cooperation and cooperation with agencies and units that use IT human resources in training in IS industry Management results will be improved, contributing to improving the quality of security training for schools to meet the requirements of human resources security at set in the current context Research method and methodology Research method The thesis is based on dialectical materialism, historical materialism of Marxism - Leninism, Ho Chi Minh thought; thoroughly grasping the lines and views of the Communist Party of Vietnam on Education and Training Simultaneously, the thesis is based on the following approaches: * The system - structure approach * The practical approach * The training process approach * The approach based on the CIPO model of training quality management Methodology The thesis makes use of the following methods: Methods of theoretical research; practical research methods; Assaying and testing methods, and supporting methods New contributions of the study The thesis clarifies the theoretical basis for TM of IS at universities Specifically, it adds and clarifies the theoretical issues of training in the field of IS at universities such as clarifying the concepts and elements of TM at universities; pointing out the characteristics of training in IS at universities; building the concept and analysing the factors affecting the management of IS currently The thesis accurately and objectively assesses the current situation of training and TM on IS in universities today At the same time, it proposes practical and feasible measures to manage the IS at universities, contributing to improving the quality and efficiency of TM of IS, as well as the quality of training the IS industry at universities in the current context Theoretical and practical significance of the study Theoretical significance The thesis contributes to adding and developing the theory of training and TM on IS at universities In particular, the thesis seeks to propose measures to manage the IS industry at universities in the current context Practical significance The results of the thesis can be used as references for research, teaching issues related to training and TM Simultaneously, it helps each university training in the field of IS to properly recognize the current situation of training and management of the Department of IS with the object of training at the university level today The thesis also helps universities to apply in practical management of IS industry, thereby contributing to improving the quality and effectiveness of TM of IS to meet the current management requirements The structure of the study The thesis includes: Introduction, chapters, Conclusion, Recommendations, a list of scientific works of the author, a list of references and appendices Chapter AN OVERVIEW OF THE THESIS-RELATED RESEARCH SITUATION 1.1 The works on training and training management at universities 1.1.1 The research works overseas Typical works: "Distance learning theory and practice" by Polat; "The credibility of the credit hour: History, use and shortcomings of the credit system - The credibility of credit hours: History, application and limitations of the credit system" [128] by Heffernan Jame; "Academic credit system in higher education" by Regel.O; "University training program" by Tanner; "Higher education staff development for the 21st century" by Mary Louise Kearney; "Curriculum: Foundations, Principles, and Issues - Curriculum: Foundations, principles and building policies" by Allan C Ornstein; "School Development Planning" by two authors are B Davies and L Ellison; "Quality Management and Quality Assurance in European Higher Education" by Van Vught F.A and Westerheijden D.F; "Standards and Quality in Higher Education" by Brennan J., Vries p & Williams R; "Total quality management in Education" by Marmar Mukhopadhyay, etc In general, these above works by foreign authors are considered as the theoretical and practical real basis for the author to inherit, develop and apply in the process of fulfilling the aims and objectives of the thesis 1.1.2 The research works in the country In our country, there are many works on training at universities, typically: "Teaching based on case studies at university" by Vu Thi Lan; "Opportunities and challenges of Vietnam's higher education in the globalization trend" by Vo Thi Phien; "Vietnam's higher education before the requirements of radical and comprehensive innovation" by Pham Thanh Khanh; "Structure of different types of higher education in the national education system" by Dang Ba Lam, Phan Huu Tiet and Nguyen Viet Hung; "Teaching based on case studies at university" by Nguyen Thi Thu Lan; "Improving the management model of training high-quality human resources for Vietnamese universities" by Trinh Ngoc Thach; "Quality management training according to ISO 9001: 2000 in Vietnam Maritime University" by Nguyen Duc Ca; "The management of training political theory lecturers to meet the current renovation requirements" by Nguyen Thi Thu Thuy; and "Management training cadres of Ho Chi Minh Pioneering Youth Team towards quality assurance" by Nguyen Thu Muoi, etc 1.2 The works on training, management training in the fields of information technology at universities In our country, there are several works on training and training management of IT, such as: "Prioritizing the development of technological human resources in our country during the period of industrialization modernization” by Dang Ba Lam and Tran Khanh Duc; "Major solutions to develop science and technology human resources for the cause of industrialization and modernization" by Pham Van Quy; "Experience in developing information technology human resources in Asia - Pacific" by To Chi Thanh; "Situation of high-tech human resources in Vietnam" by Do Thi Ngoc Anh; "Development of information technology human resources in Vietnam - Situation and solutions" by Nguyen Thi Thanh; and "Innovating the information technology training program according to international standards" by Ngo Tu Thanh, etc The works on improving the quality of training the information security at universities include: "Five solutions for developing human resources for information security in university training" by Nguyen Van Hien; "Solutions and management criteria quality of information technology college training based on TQM approach” by Ngo Xuan Binh; "Some solutions to develop science and technology human resources in Vietnam today" by Duong Quynh Hoa; and "Managing the process of training high-quality human resources at Hanoi High-Tech Vocational College" by Khong Huu Luc, etc 1.3 An overview of the thesis-related works and the issues need further addressing in the thesis 1.3.1 An overview of the thesis-related works First, the issue related to training at universities has been paid attention to by several authors all over the world in many angles, multidimensional and aspects Especially, in our country, up to now, these constructions have built up the concept of training in general and at universities in particular with different approaches; specify the position and role of training in universities to improve the quality of human resources to meet the requirements of the society; pointing out the basic contents and elements of the investment management; analysing and clarifying the challenges, opportunities and requirements in training innovation at universities in response to the development of the reality Second, the works on TM at universities in recent years has been increasingly appreciated by domestic and foreign authors In particular, the works overseas have brought out the key issues in TM at schools There are several works researching some specific management models in training and assessing the quality of schools or developing the programs, the training content, and the staff Especially, the domestic works have confirmed the position, the role and the necessity of the training management, which is a key issue that decides the quality and effectiveness of TM at schools There are a number of works on different aspects in TM or applying management models into TM in each certain school, object and scope Third, the works on TM of IT at universities recently have been gradually studied When discussing this issue, the works mainly approach under the view of Education Management science to explain and clarify some basic theoretical issues on management on IT In general, the works have clearly affirmed the position, role and the need of training, training management of the IT industry in the current context Some initial works have made methodological requirements or in-depth studies on some specific contents of TM of IT industry Besides, there are some initial works mentioned training and managing the field of IT at universities such as: mentioning experience in training in IS industry in some countries in the world; solutions to improve the quality of training in IS at universities in our country today The abovementioned issues are considered as important basis for the author to inherit and apply during the process of conducting the thesis The facts show that IS is a new training industry in the IT field that universities in our country are currently training Along with that, up to now, there are very few works on training management on security industry Related buildings have just stopped at the first step, mainly in the suggestive form in works related to the IT industry without typical case studies There have not been any studies showing the characteristics of the security information industry and the specific characteristics of e-learning security management at universities; The thesis has not yet pointed out the theoretical and practical issues, especially the proposed practical, highly feasible measures and requirements in training management of information security at universities, thereby contributing to ensuring to ensure the quality of training on information security, as well as the quality of training at the schools to meet the given objectives and requirements 1.3.2 The issues need further addressing in the thesis First, on the basis of the previous studies, the thesis continues to conduct additional studies, clarifying the concepts related to training and training management of IS at universities; specify the characteristics of the security industry and the management of IS industry; analysing the nature and indicating the contents and factors affecting the management of IS at universities in the current context 8 Second, of the works published previously, none of them has specifically evaluated the current situation of training and training management on IS at universities today Thus, this thesis will continue to evaluate the current situation of training and management of IS at universities in the past recent years By analysing the current situation and the causes, the thesis specifies the requirements and obstacles in TM of IS at universities Third, the thesis proposes, analyses and clarifies the measures of TM of IS at universities in the current context, appropriate to reality, the subjects, and the training objectives This is considered a core issue, not only contributing to ensure that the quality of training in IS at schools relevant to the training goals, but it is also important to ensure IT human resources, meeting the IT development trends in the context of the Industry Revolution 4.0 Conclusion of chapter The studies related to training and TM at universities has been paid due attention by several authors overseas and in the country These works are approached in a variety of angles and aspects, ensuring the complete, systematic, scientific and intensive sense Yet, the facts show that IS is a new training industry in the field of IT on offer at universities Along with that, up to now, there have been no works on TM of IS at universities under the perspective of Education Management with systematic and scientific sense Therefore, the literature review of the works published previously will contribute to create a reliable foundation for the author to conduct the doctoral thesis namely "Management of Information Security Training at Universities in the Current Context” Chapter THE THEORETICAL BACKGROUND FOR THE TRAINING MANAGEMENT OF INFORMATION SECURITY AT UNIVERSITIES IN THE CURRENT CONTEXT 2.1 The theoretical issues of training and information security at universities 2.1.1 The concept of training and the components making up the training process at universities 2.1.1.1 The concept of training at universities Training at universities is seen as a process of purposeful and organized impact of pedagogical forces in each school to learners to form and promote learners’ competence in accordance with the set objectives and the requirements of training 2.1.1.2 The components making up the training process at universities First, the objectives of training Second, the contents of training Third, the methods of training Fourth, the form of training organization Fifth, the teachers Sixth, the students Seven, the facilities and teaching techniques Eighth, the results of training 2.1.2 The concept and characteristics of training information security at universities 2.1.2.1 The concept of information security and training of information security at universities * The concept of information security Information security is defined as the protection of digital information and information systems against natural hazards, acts of illegal access, use, dissemination, sabotage, modification and destruction to ensure information systems perform properly and serve the right subjects in a ready, accurate and reliable manner * The concept of training information security at universities Training IS at universities is a purposeful and organized process of pedagogical forces at schools to formulate and promote learners’ competencies, knowledge, and skills appropriate to the identified objectives and requirements of training in IS 2.1.2.2 The characteristics of training information security at universities First, IS is a training industry with its increasing position and role in modern society Second, the objective of training in the security industry focuses on helping learners gain knowledge, analytical skills, and solve problems related to network information security and confidentiality Third, the training programs and contents are designed and built in the direction of being highly practical and in line with the development of information technology Fourth, the teaching staff participating in information security training at universities are diverse and plentiful, but account for the majority of lecturers specialized in information technology Fifth, the students of Information Security training are strictly selected according to their own criteria and are entitled to particular preferential treatment Sixth, the mechanism of training organization and facilities ensure the training of information security with peculiar traits 2.2 The theoretical issues on management of information security training at universities 10 2.2.1 The concept of management of information security training at universities Management of training in IS at universities is the purposeful, planned impacts, which are suitable to the educational management function of the management of IS Accordingly, it helps to organize and control this process in line with the rules of education, the efficiency, the goals and requirements 2.2.2 The approach based on the CIPO training quality management model in training management of information security at universities From the above-mentioned issues, it can be seen that the approach based on the model of CIPO training quality management in training management of information security at universities includes the following basic issues: First, the impact of the context Second, the management of the input Third, the management of the process Fourth, the management of the output 2.2.3 The content of management training in information security industry at universities First, organizing training activities for information security industry Second, developing an information security training plan Third, promoting the development of programs, content and forms of organization of information security training Fourth, managing lecturers participating in training in Information Security and students of Information Security Fifth, managing the conditions and training environment for Information Security Sixth, managing the training results in Information Security 2.3 The factors affecting the training management of information security at universities First, the impact from the requirements of education and training innovation and the Party and State’s guidelines and policies on information technology training at universities Second, the impact from the characteristics of the current situation, especially the strong development of information technology Third, the impact of the need for innovation in training management at universities presently Fourth, the impact of the attention of the whole society, especially the education, to the task of training information security at universities 11 Fifth, the impact from the quality and capacity of managers and lecturers at schools Sixth, the impact from the students’ input quality of at schools Seventh, the impact from experience in training management in the fields of information technology and information security at schools Conclusion of chapter Management of training in IS at universities is the impact with purpose and plan, appropriate to the educational management function of the management subject to the training process of IS, in accordance with the laws of education, with optimal effectiveness and achievements To effectively address that problem, the schools need to be thoroughly aware of the position and the role of training in information security, defining characteristics of training in information security at universities presently Besides, it is necessary to indicate the issues in management of information security at universities such as: the subjects, the objects, the methods, and the tools in management; identifying the specific content in TM of IS Especially, it is necessary to indicate the factors affecting the management of information security at universities On that basis, appropriate measures to TM of IS are proposed in accordance with practical conditions and the characteristics of each specific school Chapter PRACTICAL BASIS FOR MANAGEMENT OF INFORMATION SECURITY TRAINING AT UNIVERSITIES IN THE CURRENT CONTEXT 3.1 An overview of the universities training information security currently 3.1.1 An overview of the training objective 3.1.2 An overview of the organizational structure 3.1.3 An overview of the subject, the teaching staff and the facility of training 3.2 The method of conducting surveys and evaluating the current situation It includes the following issues: The purpose of the survey; the content of the survey; the object, area, time of the survey; the method of conducting the survey; and the method of processing data 3.3 The current situation of training security information at universities presently The evaluation of the current situation of training at universities is carried out on the following basic contents: First, the current situation of developing curricula and content of information security training 12 Second, the current situation of the methods and forms of information security training Third, the current situation of checking and evaluating the results of information security training 3.4 The current situation of management of information security training at universities presently The current situation of TM of IS at universities is implemented on the following contents: First, the current situation of organizing training enrolment activities in information security Second, the current situation of developing the plan of information security training Third, the current situation of directing the formulation of programs, contents and using methods and forms of organizing information security training Fourth, the current situation of managing lecturers participating information security training and students of information security Fifth, the current situation of management of conditions and the environment of information security training Sixth, the current situation of managing the results of information security training 3.5 The current situation of the factors affecting the training management of Information Security industry at universities today The assessment of the current situation of the impacting elements is implemented on the following contents: First, the current situation of the impact from the innovation requirements of education and training; the Party and the State’s guidelines and policies on training IT human resources at universities Second, the current situation of the impact of the characteristics of the current context, especially the IT powerful development Third, the current situation of the impact from the requirements of training management innovation at universities presently Fourth, the current situation of impact from the attention of the whole society, especially of the Education sector, to the task of training the field of Information Security at universities Fifth, the current situation is affected by the quality and capacity of managers and lecturers at schools Sixth, the current situation of the impact from the input quality of the students of information security at schools 13 Seventh, the current situation of the impact from experience in training management of IT and IS and at schools 3.6 General assessment of the current situation and the causes of the current situation of information security training management at universities presently 3.6.1 General assessment of the current situation of information security training management at universities presently 3.6.1.1 The advantages In general, the universities have gradually implemented the contents of TM of IS They have defined the conditions, the standards and the procedures of the enrolment ARE training Thus, the quality of IS training at schools has been gradually in line the requirements of the reality 3.6.1.2 The limitations and shortcomings In giving directions and organizing enrolment activities, the forms and methods of admissions counselling organizations are not really various and diverse and close to the practical situation The training plan sometimes was not harmonized with that between classes in the same course or other training subjects In directing the formulation of programs, content and use of training forms and methods, it is still not really scientific, uncompromising and has not created a widespread and consensus in awareness in all forces involved The schools have not really focused on buying modern computer systems to serve the practical needs of students Besides, in managing training results, some schools have not focused on grasping the quality of students after graduation; at times, it has not updated and promptly handled necessary data related to the training quality of IS on the mass media and on websites of each school 3.6.2 The causes of the current situation of information security training management at universities today 3.6.2.1 The causes of the advantages First, in training in general, TM of IS in particular, universities always receive the due attention, leadership, and guidance from the Ministry of Education and Training in all aspects, especially in creating conditions for budget sources, facilities and specific mechanisms for universities to have many advantages in TM of IS Second, due to the unique characteristics of IS, the new training industry, mechanisms and policies of IS in TM as well as after graduation, have higher priority for many other subjects, so the quality of selecting "input" sources is increasingly higher than other specialties Third, TM of IS has several favourable conditions to take advantage of the facilities of other objects at schools The Board of 14 Directors and administrators at all levels of schools have appropriate decisions to direct organizations and forces to focus all resources to invest, purchase technical equipment for teaching, building infrastructure, and prioritizing human resources Fourth, the contingent of administrative officers and lecturers participating in IS training are those who have good political qualities, morality, and health with relevant qualifications, expertise, competence and experience in management and other skills to successfully fulfil every task assigned Fifth, each university training in IS knows how to study and learn the models of training management in other specialties, especially the majors in the field of IT at its university, as well as other universities in and outside the country , from there, apply appropriately and creatively into specific conditions of training scale, as well as the training objectives of IS 3.6.2.2 The causes of the limitations and shortcomings First, there is little experience in the direction, organization, management and administration of IS at each school, especially in directing, implementing and developing the training program and ensuring facilities and conditions for TM Second, the current mechanism of the Ministry of Education and Training relating to training in the field of IS at universities is inadequate Thus, it has not really created a driving force in attracting students to study or promoting the activeness and initiative of administrators and lecturers Third, universities are in shortage of the number of specialized lecturers specialized in the field of IS such as: Information technology monitoring techniques or Network security On the other hand, the quality of the teachers participating in IS training at some schools is uneven and there is a certain gap compared to teachers specialized in other divisions Fourth, each school has not fully promoted its initiative and creativity in exploiting the support of all levels, branches, organizations and forces of the whole society, especially in investment, funding and grassroots supporting material and technical facilities in service of IS training Fifth, schools have not built a recruitment mechanism that is really close to the real situation, so it has not attracted many candidates with quality and ability to register for admission into the field of IS; the 15 quality of input remains limited compared to that of other training majors at each school Conclusion of chapter Based on the different research methods, this chapter has conducted research and clarified the current situation of training management of IS at universities presently On that basis, it can be affirmed that: Besides the initial results, there remain several limitations and inadequacies in every stage and every step such as: training and directing the formulation of training programs, contents, forms and methods; management of lecturers and students In order to overcome the above-mentioned limitations and shortcomings, the subject of management of information security at schools should be aware of the current situation of training and management of IS Simultaneously, it defines the causes of these situations Based on the above works, each school needs to promote and implement measures in accordance with its training and practical characteristics By so doing, it can ensure that TM of IS is achieved appropriate to the goals and the plans, which contribute to improving the quality of training to meet the requirements of the reality Chapter MEASURES, EXPERIMENTS, AND TESTING MEASURES FOR MANAGEMENT OF INFORMATION SECURITY TRAINING AT UNIVERSITIES IN THE CURRENT CONTEXT 4.1 Measures of managing information security training at universities in the current context 4.1.1 Diversify different forms of promotion, enrolment counselling for high school students and improve the quality of enrolment in training information security This measure has an important position and role, which directly enhances the quality of "input" on the security industry in schools In order to implement this measure, the following issues should be taken into consideration: First, the universities should make a comprehensive announcement of the quality, the information and the activities of training information security on social networks and through the mass media Second, different related Departments of Education and Training in provinces, cities, employers, high schools should be coordinated in order to carry out propaganda activities and give students advice on training enrolment in IS Third, each school should develop and 16 implement an annual IS training enrolment program in accordance with the needs, the potentials and the capabilities of training Fourth, the admission procedures and regulations should be strictly followed to ensure the objectivity, accuracy and fairness in selecting the right student 4.1.2 Plan the information security training to ensure the sense of science, adhering to specific conditions in each school and the country's demand for human resources development in each phase This measure is vital to help schools develop a training plan on IS that ensures the science, comprehensiveness, relevant to specific characteristics and conditions of each school and meeting the country's requirements on promoting human resources for IS At present, there are many different types of training plans on information security at universities such as: General training plan in training for all subjects of training in security industry, plan of each course, school year, semester, and each learning session Therefore, the nature of this measure confirms that the subjects that develop the training plan must renew in awareness to build and organize the implementation of the training plan Accordingly, they must determine that the innovation of building a training plan on IS is a necessary and decisive work to the quality of the training of IS human resources at schools In the process of formulating a plan, it is necessary to thoroughly grasp the training plan issued by the Ministry of Education and Training; perform synchronously and systematically from each school to each agency, unit, from organization to each and every single person Besides the above-mentioned points, in developing the training plan for IS, all subjects must know how to adjust the plan closely to the practical situation On that basis, the training plan that has been formulated and approved by all levels must be adjusted and supplemented to be in line with the practice This requires all stakeholders to grasp all developments in the plan, especially the changes in the Party, the State’s guidelines and views by the Ministry of Education and Training in security industry 4.1.3 Standardize the teaching staff of information technology and modules to meet the objectives and requirements of information security training This measure is of paramount importance, which directly helps the school to build the core teaching staff in training IS, meeting the requirements of quality and fulfilling every task assigned To 17 implement this measure, the following issues need to be addressed: First, universities need to build and promulgate standards in terms of quantity and quality of lecturers to ensure conformity with requirements of each school as a basis for selecting, training, fostering, using and evaluating the teaching staff Second, favourable conditions should be created for the teaching staff in information technology to complete the different titles of teachers Third, each school regularly organizes training and retraining courses for lecturers who teach information technology Fourth, promote scientific research activities for lecturers who teach information technology 4.1.4 Renew the programs and contents of information security training in the capacity-based approach This measure is crucial to ensure that universities can develop programs and content of information security training to meet the development of education, the needs and requirements of the society Accordingly, it aims at assisting learners to have the appropriate attitude, knowledge and skills to be able to meet the career requirements after graduation The direction of renovating the curriculum and training content of the information security industry based on capacity approach is the primary and direct responsibility of each university On that basis, the main content of this measure confirms that universities should rely on outputs as a standard to develop the programs and the contents of training That means changing from a traditional way of building programs and content in a way that emphasizes what students need to know to a completely new program Besides implementing a comprehensive development objective of personality qualities, programs, training content based on competency-based approach, it will help students train in IS to be more proactive to meet the requirements set out, appropriate to each individual, as well as attached to the needs of the labour market 4.1.5 Cooperate with agencies and units that use information technology human resources in training information security This measure is vital and necessary based on the principle of "every party concerned gets benefit" The implementation of this measure will directly contribute to promoting the role of the entire society, especially organizations, businesses and units that use IT human resources, including IS favourable conditions for universities to effectively implement the stages and steps of the training process on IS, 18 thereby contributing to improving the quality of training IS to meet the set requirements In order to implement this measure, the following issues need to be addressed: First, each school must be flexible in selecting agencies and units that use information technology human resources Second, formulate, perfect and unify internal regulations on cooperation with agencies and units that use information technology human resources Third, schools should be proactive in diversifying forms and methods in cooperative organizations, associating with agencies and units using information technology human resources Fourth, schools should regularly provide information security training to different related agencies and units 4.2 Test the necessity and the feasibility of the measures The testing is carried out by the method of asking for consistence of 05 experts on educational sciences; 12 managers who are presidents and vice presidents of universities 260 survey questionnaires for evaluation of all subjects who are experts in the study of Education Science, Management Officers and Teachers about the necessity and feasibility of the proposed measures on a 5-level scale transfer quantitatively from to points To get the result, the following formula is made use of: X = ∑ ni xi n Of which: X is the average score xi is the score given for each content xi∈{1,2,3,4,5} ni is the number of people giving the corresponding content points n is the total number of participants, specifically n = 260 With the above calculation method, the maximum point of the scale is (max) and the minimum point is (min) Thus, the average ( X ) of the levels will be in the range ≤ X ≤ Based on the survey questionnaire, the content of the evaluation card includes two aspects: the necessity and feasibility of the proposed measures evaluated and assigned points for levels: Very necessary/ Very feasible: points Quite necessary/ quite feasible: points Necessary/ feasible: points Little necessary/ little feasible: points Unnecessary/ not feasible: point 19 The average points of the measures are based on to assess the necessity and feasibility of the proposed measures After the average score of the survey subjects will apply the formula of calculating the range of points to synthesize, classify according to the necessity and the feasibility The formula for calculating the range of points: Of which, L: is about point; n: for the degree of division (1-5), we have the necessary and feasible levels as follows: Level 1: Very necessary / Very feasible: X = 4,2 ÷ 5,0 points Level 2: Quite necessary / Quite feasible: X = 3,4 ÷ < 4,2 points Level 3: Necessary / Feasibility: X = 2,6 ÷ < 3,4 points Level 4: Less necessary / Less feasible: X = 1,8 ÷ < 2,6 points Level 5: Unnecessary / Not feasible: X = 1,0 ÷ < 1,8 points After the survey results are obtained, synthesizing and processing information by statistical mathematical methods according to the identified criteria After the results of the investigation are conducted, synthesizing and processing information by statistical mathematical methods according to the identified evaluation criteria With the above calculation, the result is shown in the following table: [Table 4.1] Table 4.1 The results between the necessity and the feasibility of the measures Necessity Feasibility Measures di Rs Level Level X X Measure 4.977 4.973 -1 Measure 4.992 4.992 0 Measure 4.988 4.988 0 0,9 Measure 4.984 4.984 0 Measure 4.965 4.977 1 Overall 4.981 4.968 20 Source: Summary of survey results With the above calculation, after researching and calculating, we obtained the results: X the necessity is 4.981 and X the feasibility is 4,968 at the same time, based on the use of statistical mathematical methods, they I obtained the correlation results between necessity and feasibility From this result, we assert: the measures proposed by the thesis are necessary and highly feasible If the proposed measures ensure the necessity, then they also ensure the feasibility 4.3 The experiments of the measures * Because of the conditions and limited time, the thesis only tested measure 4: "Direct the innovation of the programs and content of information security training in the direction of capacity approach" * The contents of the experiment First, testing the direction and implementation of the training frame training program in the field of information security in the direction of approaching capacity and promulgating the implementation of that program in certain university Second, based on the results of the built framework program, the author chooses the issue of developing training content in the direction of approaching the capacity of measure through the design of lesson plans and teaching according to the built content * The scope of testing It is tested at the Cryptography Technical Academy * The object of testing For the direction and implementation of the formulation and promulgation of framework programs: The test subjects are mainly the subjects of TM at the Institute of Cryptography Technology, including leaders, managers, Training Departments and Teaching Departments For building the training content based on competency-based approach: The test subjects are teachers of the Department of Internet safety technology and electronic transactions (e-commerce safety module management) and the Department of cyber security technology (management of cloud computing safety module) and the 4th year students (2014-2019) trained civil system, 5-year time, university-level 21 specialized in IS belongs to classes of AT12, namely L05 and L06 A total of 120 students participated in the test * The method of testing measurement For the direction and implementation of the formulation and promulgation of training frame program on security industry in the capacity-based approach Through the program of results of training frame program on information security in the direction of capacity development, the measurement was made according to the following indicators: the similarities and differences between the newly built framework program and the framework program that the Academy Cryptographic techniques are used on the issues: Number and name of subjects, modules; total number of periods; details of theory, practice, exercises, schedule of program development time from which to draw conclusions about the direction of the Director of the Academy, the unity in awareness of the related organizations and forces throughout the school in the process of directing and carrying out the formulation and promulgation of a training program on the field of food security in the direction of approaching capacity Accordingly, it is used as a basis for conducting training content testing in the direction of the capacity-based approach and conclusions are drawn For building the training content in information security in the direction of the capacity approach Criteria for evaluating test results: To assess the effect of experiments (effectiveness of lectures), based on basic criteria: Criterion 1: Assess the progress of students' attitudes, activeness and initiative in learning Criterion 2: Assessment of academic progress (knowledge and skills) - Method of measurement: The measurement and evaluation of test results are conducted in rounds: Round 1, measuring students 'progress in positiveness and initiative in learning: To measure students' progress in positiveness and initiative in learning (mainly by qualitative method) method of pedagogical observation by observing attitudes and behaviours and combining with exchange, seminar, contact with students in the learning process; evaluate learning products such as: results recorded in class, 22 quality of prepared reports and discussion results, exercises, harvest, curriculum test, test results Round 2, measure the progress of learning results (knowledge, skills): To measure the progress of academic results, conduct student assessment through the ability to comprehend and handle learning situations practice right in the lecture, in self-study exercises, in discussions, in taking tests This is most evident in the statistics of test results and test of student assignments at the end of the test Each exercise is scored on a 10-point scale, divided into grades: good (score to 10), fair (from to 9), average (from to 7), weak (from to close 5) *.The results of testing - For the direction and implementation of the construction and promulgation of training frame program on IS in the direction of approaching competency: The training program on IS is built in the direction of approaching capacity compared to the framework program The orientation was mainly focused on forming and developing capacity for students The program is scientifically designed, with a clear division of knowledge blocks This program has overcome the limitations of the old program such as spreading, academicism in knowledge blocks The program is suitable to the standard output framework of IS training - For building the training content in the direction of the capacity-based approach: After tested, students trained in IS has had a comprehensive development in terms of learning attitudes, knowledge and skills The variables related to capacity development of the test class are strictly controlled, objective and serious This results show that the effectiveness of the experimental impact measures help students improve their ability to meet the goals of training requirements Through this testing result, it can be confirmed that: The measures proposed by the thesis are necessary and feasible with their high quality and reliability Conclusion of chapter In order to improve the effectiveness of TM in IS at universities in the current context, the thesis seeks to propose measures of TM of IS at universities in the current context, namely: 1) diversify the forms of 23 advertisement, enrolment advisories for high school students and improve the quality of enrolment in training in the security industry 2) Promote a training plan for the field of IS to ensure the science, closely follow specific conditions in each school and the needs of developing human resources in the security sector in each period 3) Standardize the teaching staff in teaching subjects in the IT field to meet the objectives and requirements of IS training 4) Renew the training programs and content in the field of food security with a competency-based approach 5) cooperate with agencies and units using IT human resources in IS training Based on the proposed measures, the thesis has tested the necessity and feasibility of the measures The testing process is conducted in accordance with the process of educational management science The testing results are based on quantitative and qualitative analysis and the have primarily proved that the proposed measures are crucial and feasible; appropriate with the reality of different university presently CONCLUSIONS AND RECOMMENDATIONS Conclusions In the current period, the implementation of TM of IS at universities is a requirement, a task and a solution By giving an overview of the previous works related to training and training management of IT at universities overseas and in the country, the thesis proves itself to be is a non-duplicated scientific work with any works published previously; Simultaneously, the thesis also inherits and develops these works to fulfil its objectives and aims The thesis has analysed the theoretical basis of TM of IS at universities; conducting several surveys, and analysing the current situation of training and training management on IS at universities Accordingly, it can be concluded that: besides the achievements, there remain several limitations and shortcomings at every stage and every management content such as: in developing training plans; improving teachers’ knowledge and pedagogical capacity, program management, content, methods and related conditions It is considered as both the current situation and the cause leading to the fact that the quality of IS training fails to meet the goals and the requirements in the current context 24 In order to overcome the above problems, as well as contribute to improving the quality and effectiveness of e-management, the thesis proposes different measures, namely: 1) diversifies the forms of advertisement, enrolment advisories for high school students and improves the quality of enrolment in training in the security industry 2) Promote a training plan for the field of IS to ensure the science, closely follow specific conditions in each school and the needs of developing human resources in the security sector in each period 3) Standardize the teaching staff in teaching subjects in the IT field to meet the objectives and requirements of IS training 4) Renew the training programs and content in the field of food security with a competency-based approach 5) cooperate with agencies and units using IT human resources in IS training Additionally, in order to assess the correctness, feasibility, and effectiveness of the measures, measure has been conducted at Institute of Cryptography Technology After the testing process, by analysing results both qualitatively and quantitatively, it can be concluded that the proposed measures are reliable, necessary and feasible If the related subjects of TM of IS at universities accomplish measures mentioned above, the quality and effectiveness of TM of IS at schools will be improved, meeting the objectives and requirements set out and the quality of training in the current context Recommendations In order for the thesis to be effectively applied in the reality, the thesis’s author has proposed recommendations to the Ministry of Education and Training; recommendations to universities with IS training  ... Thanh; "Situation of high-tech human resources in Vietnam" by Do Thi Ngoc Anh; "Development of information technology human resources in Vietnam - Situation and solutions" by Nguyen Thi Thanh;... requirements of radical and comprehensive innovation" by Pham Thanh Khanh; "Structure of different types of higher education in the national education system" by Dang Ba Lam, Phan Huu Tiet and Nguyen Viet... Quality Assurance in European Higher Education" by Van Vught F.A and Westerheijden D.F; "Standards and Quality in Higher Education" by Brennan J., Vries p & Williams R; "Total quality management