Forwarded from: William Knowles <wkat_private> http://www.washingtonpost.com/wp-dyn/articles/A2428-2003Jun16.html By Ellen McCarthy Washington Post Staff Writer Tuesday, June 17, 2003 When the office networks crash and work comes to a halt, there's probably an irresponsible co-worker somewhere in the building to blame. That's the sentiment many employees expressed in a survey on individual cybersecurity competence released today. Sixty-four percent of American workers referred to themselves as "interested and proactive" in protecting their office computer systems, but employees have significantly less confidence in their peers, according to a survey by the Information Technology Association of America and Brainbench, a Chantilly firm and ITAA member company that sells skill tests online. About 760 people responded to the Internet-based survey distributed in May, including 403 Americans. When asked about the contributions co-workers are making to protect workplace networks, only 35 percent of Americans said their peers know what to do and are doing it. The rest believe their peers are not aware of the issue, don't know how to deal with it or just won't bother. "Security is a function of people, processes and technology," said Mike Russiello, president of Brainbench. "Everybody recognizes that people are the weakest link." Two-thirds of employees believe their co-workers are a bigger threat to customer security than hackers, according to a survey of 500 people released earlier this month by Harris Interactive Inc. And even though 74 percent of those surveyed by Harris said the security protecting customer information on their companies' networks was secure, very secure or extremely secure, about 45 percent also said it would be easy, very easy or extremely easy for someone at work to remove sensitive customer data from the network. More than half of U.S. workers said their employers do an adequate job providing information about cybersecurity threats and protection methods, the Brainbench/ITAA poll said, but only 39 percent said their own knowledge of the issue was accrued on the job. In February, the Bush administration released a strategy for combating network attacks and viruses that suggests information sharing and cooperation among private corporations. To push corporations to take greater responsibility for employee training, the ITAA and Brainbench are introducing a new certification program requiring individuals to pass an Internet-based test on cybersecurity procedures. Once 90 percent of the employees have taken the test -- and 85 percent of those workers pass it -- the firm receives an Information Security Awareness Certification. "If people say, 'Oh, cybersecurity is important,' but then don't train people who are sitting at their desks or train them but don't test them, I don't think they are really indicating a serious commitment," said Harris N. Miller, ITAA president. "We want to give corporations and individuals the chance, through taking this test and getting this certification, to show they are really focused on cybersecurity." *==============================================================* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC ================================================================ C4I.org - Computer Security, & Intelligence - http://www.c4i.org *==============================================================* - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Jun 18 2003 - 03:12:25 PDT