Cybersecurity Starts in the Office

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://www.washingtonpost.com/wp-dyn/articles/A2428-2003Jun16.html

By Ellen McCarthy
Washington Post Staff Writer
Tuesday, June 17, 2003

When the office networks crash and work comes to a halt, there's 
probably an irresponsible co-worker somewhere in the building to 
blame. That's the sentiment many employees expressed in a survey on 
individual cybersecurity competence released today. 

Sixty-four percent of American workers referred to themselves as 
"interested and proactive" in protecting their office computer 
systems, but employees have significantly less confidence in their 
peers, according to a survey by the Information Technology Association 
of America and Brainbench, a Chantilly firm and ITAA member company 
that sells skill tests online. About 760 people responded to the 
Internet-based survey distributed in May, including 403 Americans.

When asked about the contributions co-workers are making to protect 
workplace networks, only 35 percent of Americans said their peers know 
what to do and are doing it. The rest believe their peers are not 
aware of the issue, don't know how to deal with it or just won't 
bother. 

"Security is a function of people, processes and technology," said 
Mike Russiello, president of Brainbench. "Everybody recognizes that 
people are the weakest link."

Two-thirds of employees believe their co-workers are a bigger threat 
to customer security than hackers, according to a survey of 500 people 
released earlier this month by Harris Interactive Inc. And even though 
74 percent of those surveyed by Harris said the security protecting 
customer information on their companies' networks was secure, very 
secure or extremely secure, about 45 percent also said it would be 
easy, very easy or extremely easy for someone at work to remove 
sensitive customer data from the network. 

More than half of U.S. workers said their employers do an adequate job 
providing information about cybersecurity threats and protection 
methods, the Brainbench/ITAA poll said, but only 39 percent said their 
own knowledge of the issue was accrued on the job. 

In February, the Bush administration released a strategy for combating 
network attacks and viruses that suggests information sharing and 
cooperation among private corporations. 

To push corporations to take greater responsibility for employee 
training, the ITAA and Brainbench are introducing a new certification 
program requiring individuals to pass an Internet-based test on 
cybersecurity procedures. Once 90 percent of the employees have taken 
the test -- and 85 percent of those workers pass it -- the firm 
receives an Information Security Awareness Certification.

"If people say, 'Oh, cybersecurity is important,' but then don't train 
people who are sitting at their desks or train them but don't test 
them, I don't think they are really indicating a serious commitment," 
said Harris N. Miller, ITAA president. "We want to give corporations 
and individuals the chance, through taking this test and getting this 
certification, to show they are really focused on cybersecurity."


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.