
Survey shows poor security awareness in Government sector

SecureInfo : 10 December, 2007  (Technical Article)
As few as 20% of surveyed Government sector workers believe IT security policies are adequately followed
SecureInfo has released its second Information Security Awareness Report, providing an independent, cross-agency, quantitative analysis on the impact of Information Security awareness on the government's security posture. By focusing exclusively on the Federal government worker's perspective, the Report provides a unique and often overlooked view into the effectiveness of Information Security awareness programs.

The report found that although 80 percent of government workers believe that Federal information systems face significant threats and that information security is important to agency leadership, government workers continue to violate information security policies. Twenty-two percent of government workers believe their co-workers follow Information Security policies and procedures half the time or less. Furthermore, the majority of government workers are not held accountable for understanding information security policies and procedures. According to the Report, only 36% of government workers are held accountable for knowing Information Security policies and procedures via their annual performance evaluation.

"The nature of threats to our nation's information assets has changed," said Christopher Fountain, CEO of SecureInfo. "Modern day attackers have adopted stealthier techniques designed to exploit user trust. People, not technology, represent the most significant potential vulnerability to the information systems on which the government depends to fulfill its mission."

"The good news is government workers and their leadership understand the importance of information security. The bad news is workers seem to lack an understanding of the critical role they play in protecting information assets. There needs to be more accountability across the government workforce and a greater sense of urgency on the part of the Federal government to directly address this vulnerability," added Fountain.

The report also found that Information Security awareness training is not effective and is not adequately measured for effectiveness. Among the 97 percent of government employees required to take information security training, only 48% of employees were tested throughout the year on what they learned in awareness training, and only 33% of those attending training remembered most (95% to 100%) of the material covered in training. More than half (54%) of government workers believe they would benefit from additional Information Security awareness training throughout the year.

In addition to the findings, the SecureInfo Information Security Awareness Report outlines specific recommendations for increasing Federal employee accountability, awareness and understanding of information security awareness:

Independently Test and Validate

* Establish an ongoing program to challenge and test awareness training.
* Include random evaluation of employees to determine the retention level of information security policy and procedures.

Include Information Security Awareness Measurement in Performance Appraisals

* Include specific language regarding information security awareness in all performance appraisals.
* Hold government workers, not just the agencies, accountable for information security awareness effectiveness.

Measure and Report Effectiveness of Awareness Training Programs

* Measure government workers for information security awareness effectiveness.
* Require agency leadership to publicly report on the effectiveness of training programs.