Security training effective, survey says

Federal agencies are spending more money to train more employees than ever, but the majority of feds are not familiar with the Federal Information Security Management Act.

In a new survey by SecureInfo, 65 percent of respondents had not heard of the congressionally mandated information security law, and 40 percent of those who had heard of FISMA said it is a compliance headache. The company interviewed 85 civilian and Defense Department employees about their opinions of FISMA and whether it is making a difference.

Because of the recent focus on training and security, agencies are more secure than ever, according to 68 percent of respondents, and 63 percent said their agencies are more secure today than a year ago.

“Based on the survey, I do believe the government is more secure because of things such as two-factor authentication and the rollout of Homeland Security Presidential Directive 12,” said Christopher Fountain, SecureInfo’s president and chief executive officer. “A lot of things have been coming out [that] are important, and National Institute of Standards and Technology guidance and other publications talk about the people factor.”

“The clear problem is [that] most users are well meaning, and a very innocent act can create significant vulnerability. And a wide variety of acts like improperly handling backup data and a laptop being misplaced cause security breaches,” he said. “The question to us is if all this money is being spent on training, why are these incidents increasing?”

Ninety-two percent of respondents said they had received training in information technology security at least once in the previous 12 months. According to the Office of Management and Budget’s FISMA report to Congress, agencies spent more than $74 million on training in fiscal 2006.

Fountain said the best training involves penetration testing in which a private-sector company tries to break into the agency’s network via phishing or hacking.

“Agencies may need to increase their spending and the frequency of training or have other programs behind the training to ensure [employees] take it to heart,” Fountain said.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.