Largest Risk - Human Error
March 2003
The survey shows human error - not technical malfunction - to be the most significant cause of IT security breaches in the public and private sectors. With an overwhelming majority of respondents stating that IT training and certification have improved network security, the survey's results strongly suggest that more training and certification for IT professionals will help businesses become better protected against mounting cyber threats. The findings also show that security-related training and certification have been underutilized: 80 percent of respondents said that a lack of IT security knowledge, a lack of training, or failure to follow security procedures were the root causes of human error.
Recently, the President unveiled his National Strategy to Secure Cyberspace, seeking to thwart a digital catastrophe through a series of industry-recognized recommendations. A significant portion of the Strategy focuses on ensuring America’s workforce receives better IT training. Getting the workforce more security-cognizant represents a key goal of the President’s Strategy, said briefing participant Andy Purdy, White House Cyberspace staff member, and former Senior Advisor to the President’s Critical Infrastructure Protection Board. Undeniably, when workers get IT security training, networks become less vulnerable.
Amplifying this, Congress has long urged federal agencies to take IT security seriously, especially in regard to calls for better IT training for staff and management. Increasingly, IT infrastructure, like web services and computer databases, help drive the government’s outreach to citizens, noted Congressman Adam Putnam, Chairman of the Technology & Information Policy Subcommittee (House Government Reform), and briefing keynote presenter. When government networks are sound, Americans can continue to receive the services they depend upon, even in the most challenging of circumstances.
The study surveyed 638 respondents from the public and private sectors. Among other things, the survey assessed security breach frequency and common causes, security resources, responsibility and enforcement practices, investment in security and certification, and steps taken in response to government regulatory and legislative mandates.
Other highlights from respondents show:
- 31 percent had experienced from one to three major security breaches - i.e., breaches that caused real harm, resulted in confidential information being taken, or interrupted business - in the last six months
- 22 percent said none of their IT employees have received security-related training; 69 percent have fewer than 25 percent of their IT staff security-trained; and only 11 percent said that all of their IT employees have received security training
- 96 percent would recommend security training for their IT staff
- 73 percent would recommend more comprehensive security certification for their IT staff
- 66 percent believe that staff training/certification have improved their IT security, primarily through increased awareness, as well as through proactive risk identification
- 59 percent said that government security regulations are largely inappropriate, failing to adequately address the practical side of the problem
The connection between having more IT security training and making our IT networks more secure seems so obvious, yet it’s been largely overlooked. It’s just common sense. If the public and private sectors better train and certify their IT professionals, we’ll be safer from malicious cyber threats.