Security training effective, survey says

Federal agencies are spending more money to train more employees than ever, but the majority of feds are not familiar with the Federal Information Security Management Act.

In a new survey by SecureInfo, 65 percent of respondents had not heard of the congressionally mandated information security law, and 40 percent of those who had heard of FISMA said it is a compliance headache. The company interviewed 85 civilian and Defense Department employees about their opinions of FISMA and whether it is making a difference.

Because of the recent focus on training and security, agencies are more secure than ever, according to 68 percent of respondents, and 63 percent said their agencies are more secure today than a year ago.

“Based on the survey, I do believe the government is more secure because of things such as two-factor authentication and the rollout of Homeland Security Presidential Directive 12,” said Christopher Fountain, SecureInfo’s president and chief executive officer. “A lot of things have been coming out [that] are important, and National Institute of Standards and Technology guidance and other publications talk about the people factor.”

“The clear problem is [that] most users are well meaning, and a very innocent act can create significant vulnerability. And a wide variety of acts like improperly handling backup data and a laptop being misplaced cause security breaches,” he said. “The question to us is if all this money is being spent on training, why are these incidents increasing?”

Ninety-two percent of respondents said they had received training in information technology security at least once in the previous 12 months. According to the Office of Management and Budget’s FISMA report to Congress, agencies spent more than $74 million on training in fiscal 2006.

Fountain said the best training involves penetration testing in which a private-sector company tries to break into the agency’s network via phishing or hacking.

“Agencies may need to increase their spending and the frequency of training or have other programs behind the training to ensure [employees] take it to heart,” Fountain said.

Featured

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.