"In the old adage that security is only as strong as the weakest link — the weakest link in many cases is people," wrote Prabhat Agarwal of INPUT, a firm that focuses on government business analysis.
"In fact, user error accounted for the most recent and well publicised data loss incidents in the federal government. Federal government employees and contractors often do not realise the value of the information they are accessing or viewing on their systems."
Yearly security awareness training is already a requirement for government agencies under the Federal Information Security Act of 2002 (FISMA). But Agarwal said agencies will ramp up their training spending as more federal security breaches spur on Congress to quiet public uproar.
"With political parties identifying hot topics in anticipation of the November 2008 election, [attention to] information security currently sits dormant, waiting for the next information security breach to occur in the federal government," he said.
"And if a breach were to occur [particularly one including US citizen data], the Democrats will be first in line to hold hearings, point fingers at the Republicans, and issue legislation requiring stringent practices for securing government-held data [that] would include training and awareness programs for government workers and contractors."
Agarwal estimated that the government will spend US$122 million on security awareness training in 2007.
US to spend US$687 on security awareness
By Ericka Chickowski on Feb 23, 2007 4:37AM