Security training effective, survey says

Federal agencies are spending more money to train more employees than ever, but the majority of feds are not familiar with the Federal Information Security Management Act.

In a new survey by SecureInfo, 65 percent of respondents had not heard of the congressionally mandated information security law, and 40 percent of those who had heard of FISMA said it is a compliance headache. The company interviewed 85 civilian and Defense Department employees about their opinions of FISMA and whether it is making a difference.

Because of the recent focus on training and security, agencies are more secure than ever, according to 68 percent of respondents, and 63 percent said their agencies are more secure today than a year ago.

“Based on the survey, I do believe the government is more secure because of things such as two-factor authentication and the rollout of Homeland Security Presidential Directive 12,” said Christopher Fountain, SecureInfo’s president and chief executive officer. “A lot of things have been coming out [that] are important, and National Institute of Standards and Technology guidance and other publications talk about the people factor.”

“The clear problem is [that] most users are well meaning, and a very innocent act can create significant vulnerability. And a wide variety of acts like improperly handling backup data and a laptop being misplaced cause security breaches,” he said. “The question to us is if all this money is being spent on training, why are these incidents increasing?”

Ninety-two percent of respondents said they had received training in information technology security at least once in the previous 12 months. According to the Office of Management and Budget’s FISMA report to Congress, agencies spent more than $74 million on training in fiscal 2006.

Fountain said the best training involves penetration testing in which a private-sector company tries to break into the agency’s network via phishing or hacking.

“Agencies may need to increase their spending and the frequency of training or have other programs behind the training to ensure [employees] take it to heart,” Fountain said.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.