Security training effective, survey says

Federal agencies are spending more money to train more employees than ever, but the majority of feds are not familiar with the Federal Information Security Management Act.

In a new survey by SecureInfo, 65 percent of respondents had not heard of the congressionally mandated information security law, and 40 percent of those who had heard of FISMA said it is a compliance headache. The company interviewed 85 civilian and Defense Department employees about their opinions of FISMA and whether it is making a difference.

Because of the recent focus on training and security, agencies are more secure than ever, according to 68 percent of respondents, and 63 percent said their agencies are more secure today than a year ago.

“Based on the survey, I do believe the government is more secure because of things such as two-factor authentication and the rollout of Homeland Security Presidential Directive 12,” said Christopher Fountain, SecureInfo’s president and chief executive officer. “A lot of things have been coming out [that] are important, and National Institute of Standards and Technology guidance and other publications talk about the people factor.”

“The clear problem is [that] most users are well meaning, and a very innocent act can create significant vulnerability. And a wide variety of acts like improperly handling backup data and a laptop being misplaced cause security breaches,” he said. “The question to us is if all this money is being spent on training, why are these incidents increasing?”

Ninety-two percent of respondents said they had received training in information technology security at least once in the previous 12 months. According to the Office of Management and Budget’s FISMA report to Congress, agencies spent more than $74 million on training in fiscal 2006.

Fountain said the best training involves penetration testing in which a private-sector company tries to break into the agency’s network via phishing or hacking.

“Agencies may need to increase their spending and the frequency of training or have other programs behind the training to ensure [employees] take it to heart,” Fountain said.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.