INPUT expects the US Department of Defense and Civilian Agencies to spend US$690 million on IT security education and awareness programs over the next five years, according to a recent report released by INPUT, the authority on government business. The report says that US federal agencies recognize that a sound IT security program begins with a security-aware workforce that is educated in identifying cyber attacks.

"Both defense and civilian agency employees are the target of increasingly sophisticated attacks designed to mislead even expert computer users," said Prabhat Agarwal, manager of Information Security at INPUT. "This has resulted in an increased risk of data theft, which is further compounded by the lack of security awareness and education in the federal workforce. All of this could lead to greater congressional scrutiny and agencies will be in the hot seat to improve information security education and awareness programs. The fact that OMB has also selected security awareness training as one of the first security lines of businesses drives home this point," said Agarwal.

According to the report, the US Federal Information Security Management Act (FISMA) currently mandates that US federal agencies provide security awareness and training to employees on an annual basis. However, this level of frequency is not adequate to create security awareness in the minds of the workforce. A successful education program must be conducted regularly and include frequent and random testing -- at a minimum of every few months, the report suggests.

"The effectiveness of FISMA-compliant security awareness programs will be measured by the new Congress in direct proportion to the number of security breaches occurring across the federal government," said Agarwal. The report also says that US federal agencies are beginning to establish department-wide policies on security training.
For more information, please send your e-mails to swm@infothe.com.
©2007 www.SecurityWorldMag.com. All rights reserved.