Government IT Cybersecurity Insights

Robert Hodges, July 15, 2009

With the new Presidential administration focusing on cybersecurity, many federal agencies and organizations face increasing pressure to comply with mandates and meet security compliance requirements.

Barbara DePompa wrote a great article for Federal Computer Week this morning, listing the Top Ten Security Insights from Government IT Executives.

In summary, the results of this 1105 survey included:

  • Intrusion detection and prevention (IDS/IPS): Over 53% of surveyed IT Execs said that intrusion detection, access control, and identity management were a top concern.
  • Staff Training in Cybersecurity: 60% said they would implement security training in the coming months, implementing stronger security procedures this year and training users in security awareness and practice. Barbara points out, “That’s because a lack of security awareness among employees can lead to leakage of classified or sensitive information, especially through personal emails and ‘social engineering’ schemes. Misconfigured systems also present vulnerabilities and can occur from experimentation, accidental employee actions, allowing security fixes to get out of date and failure to periodically review policies.”
  • National Cybersecurity Initiative: This initiative has three elements:
    • Technical standards for using, storing and destroying cryptographic keys that grant access to authorized individuals on encrypted networks and systems
    • Development of multifactor authentication methods requiring users to verify their identity through multiple methods
    • Extension of the FDCC to optimize security across operating systems, applications, and network devices.
  • Migration to Trusted Internet Connections: With an increasing number of internet-based attacks, federal agencies are reducing the number of public internet access points from over 5,000 to fewer than 100 in the upcoming year in response to the OMB’s Trusted Internet Connection (TIC) mandate.
  • Collaboration with Public/Private Sectors for Awareness: This issue was considered key because, without information sharing, important clues for prevention cannot be used effectively to save lives and protect national security.
  • Managing Security of Mobile Devices: More and greater encryption technologies and stronger physical security measures were key areas mentioned.
  • Protecting Critical Infrastructure: Forty-two percent placed great priority on the need to protect critical infrastructure against cyber attacks, including supply chain, power supply, utilities, biohazard monitoring, and other concerns. This concern seems to be impacted by the increasing attacks on government systems and networks by foreign nations looking for intelligence, including China and Russia, criminal groups, and terrorist activity.
  • Securing Cloud Networks: With a growing use of virtualized infrastructures and cloud computing environments, more than a third of the survey’s respondents were concerned that these areas have not been properly addressed.
  • The Role of the Chief Security Officer (CSO): Over 87% of respondents’ agencies have named a CSO, a growing role since the 2002 Federal Information Security Act was passed by Congress, with OMB and NIST leading the effort. As Barbara points out, “The CSO’s job is to provide the overall leadership, strategic planning and vision for an effective cyber security program within an agency or department. To be empowered in any government organization, industry observers maintain that the CSO must be successful in convincing agency leadership of the importance of security.”

The overall focus on upgrading physical security, securing mobile devices, and protecting critical infrastructure seems to point to a convergence of physical and IT security.
