Feds to Spend $690 Million on IT Security Education, Awareness
The Department of Defense and civilian agencies are expected to spend $690 million on IT security education and awareness programs over the next five years, according to a recent report released by INPUT, a provider of government business information. The report says that federal agencies recognize that a sound IT security program begins with a security-aware workforce that is educated in identifying cyber attacks.
“Both defense and civilian agency employees are the target of increasingly sophisticated attacks designed to mislead even expert computer users,” said Prabhat Agarwal, manager of Information Security at INPUT. “This has resulted in an increased risk of data theft, which is further compounded by the lack of security awareness and education in the federal workforce. All of this could lead to greater congressional scrutiny and agencies will be in the hot seat to improve information security education and awareness programs. The fact that OMB has also selected security awareness training as one of the first security lines of businesses drives home this point,” said Agarwal.
According to the report, the Federal Information Security Management Act (FISMA) currently mandates that federal agencies provide security awareness and training to employees on an annual basis. However, this level of frequency is not adequate to create security awareness in the minds of the workforce. A successful education program must be conducted regularly and include frequent and random testing, at a minimum every few months, the report suggests. “The effectiveness of FISMA-compliant security awareness programs will be measured by the new Congress in direct proportion to the number of security breaches occurring across the federal government,” said Agarwal.
The report also says that federal agencies are beginning to establish department-wide policies on security training. For example, the Department of Defense recently mandated that all employees complete “phishing” training by January 17, 2007, as a first line of defense against sophisticated hackers who use customized and personalized spear phishing attacks. Similar department-wide training and educational mandates are expected to be established across other branches of the federal government.