From: InfoSec News (isnc4i.org)
Date: Wed Jun 18 2003 - 02:58:42 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forwarded from: William Knowles <wkc4i.org>

http://www.washingtonpost.com/wp-dyn/articles/A2428-2003Jun16.html

By Ellen McCarthy
Washington Post Staff Writer
Tuesday, June 17, 2003

When the office networks crash and work comes to a halt, there's
probably an irresponsible co-worker somewhere in the building to
blame. That's the sentiment many employees expressed in a survey on
individual cybersecurity competence released today.

Sixty-four percent of American workers referred to themselves as
"interested and proactive" in protecting their office computer
systems, but employees have significantly less confidence in their
peers, according to a survey by the Information Technology Association
of America and Brainbench, a Chantilly firm and ITAA member company
that sells skill tests online. About 760 people responded to the
Internet-based survey distributed in May, including 403 Americans.

When asked about the contributions co-workers are making to protect
workplace networks, only 35 percent of Americans said their peers know
what to do and are doing it. The rest believe their peers are not
aware of the issue, don't know how to deal with it or just won't
bother.

"Security is a function of people, processes and technology," said
Mike Russiello, president of Brainbench. "Everybody recognizes that
people are the weakest link."

Two-thirds of employees believe their co-workers are a bigger threat
to customer security than hackers, according to a survey of 500 people
released earlier this month by Harris Interactive Inc. And even though
74 percent of those surveyed by Harris said the security protecting
customer information on their companies' networks was secure, very
secure or extremely secure, about 45 percent also said it would be
easy, very easy or extremely easy for someone at work to remove
sensitive customer data from the network.

More than half of U.S. workers said their employers do an adequate job
providing information about cybersecurity threats and protection
methods, the Brainbench/ITAA poll said, but only 39 percent said their
own knowledge of the issue was accrued on the job.

In February, the Bush administration released a strategy for combating
network attacks and viruses that suggests information sharing and
cooperation among private corporations.

To push corporations to take greater responsibility for employee
training, the ITAA and Brainbench are introducing a new certification
program requiring individuals to pass an Internet-based test on
cybersecurity procedures. Once 90 percent of the employees have taken
the test -- and 85 percent of those workers pass it -- the firm
receives an Information Security Awareness Certification.

"If people say, 'Oh, cybersecurity is important,' but then don't train
people who are sitting at their desks or train them but don't test
them, I don't think they are really indicating a serious commitment,"
said Harris N. Miller, ITAA president. "We want to give corporations
and individuals the chance, through taking this test and getting this
certification, to show they are really focused on cybersecurity."

 
*==============================================================*
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
in the BODY of the mail.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]