'Info security for the rest of us'

Information Security Awareness Certification site

The Information Technology Association of America is offering a certification program for workers who have computers but often do not consider security one of their responsibilities.

"This is what we're calling information security for the rest of us," said ITAA president Harris Miller.

The Information Security Awareness Certification is an online test for basic security awareness in eight areas: computer best practices, computer ethics and misuse, identification and data information theft, Internet best practices, passwords, physical security, sensitive information, and viruses and other harmful software.

ITAA developed the test in partnership with Brainbench Inc., a skills assessment company that also administers the test. Measuring the awareness of everyone across an organization according to a common standard should provide managers and clients — be they customers or citizens — greater assurance that security is taken seriously and understood, said Michael Russiello, chief executive officer of Brainbench.

"You can set a goal, and you can hold people accountable to that goal," he said.

Information security awareness for the common computer user is one of the top priorities for the Homeland Security Department's new National Cyber Security Division, and officials are looking to use, enhance and support initiatives that are under way in government and industry, Robert Liscouski, assistant secretary for infrastructure protection who oversees the new division, said at the June 6 briefing announcing the creation of the division.

ITAA is talking with officials from that organization to offer the new certification as one option for testing for increased awareness, Miller said.

"There's been a lot of talk about [security awareness]; this, we believe, will drive action," he said.

Rep. Sherwood Boehlert (R-N.Y.), chairman of the House Science Committee, agreed that while professional information security training is receiving attention and should be receiving funding — in part because of the Cyber Security Research and Development Act of 2002, which he co-sponsored — basic security awareness is just as necessary.

Boehlert's committee staff was one of the first organizations to receive certification under the new program, which means that at least 90 percent of his staff took the test and passed.


  • People
    Federal CIO Suzette Kent

    Federal CIO Kent to exit in July

    During her tenure, Suzette Kent pushed on policies including Trusted Internet Connection, identity management and the creation of the Chief Data Officers Council

  • Defense
    Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

    Essye Miller: The exit interview

    Essye Miller, DOD's outgoing principal deputy CIO, talks about COVID, the state of the tech workforce and the hard conversations DOD has to have to prepare personnel for the future.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.