Albuquerque, New Mexico (PressExposure) March 22, 2011 -- Threats emanating from the Internet endanger the security, integrity and confidentiality of information pertaining to individuals, business organizations and government agencies. Recently, the Office of Management and Budget (OMB) presented its annual report on implementation of the Federal Information Security Management Act (FISMA), 2002 to the United States (U.S.) Congress.
The report found that while there was a marginal decline in the number of computer security incident reports received by the U.S. Computer Emergency Readiness Team (CERT), the number of complaints pertaining to federal incidents rose from around 30,000 in 2009 to 41,776 in 2010. Around 31% of the federal incidents were caused by malicious code execution, followed by improper usage and unauthorized access. Phishing attacks constituted more than fifty-two percent of the total incident reports received by US-CERT from federal agencies, state governments, individuals and business organizations. Agencies covered by the CFO Act reported total spending of around $12 billion on IT security. The spending includes the cost of IT and information assurance personnel, testing costs, training costs and implementation of certification and accreditation requirements.
The U.S. faces a shortage of skilled IT professionals qualified in computer science, master of security science [http://www.eccuni.us/Academics/MasterofSecurityScience.aspx], penetration testing, system administration, network administration, security audit, computer forensics and incident management. The report emphasizes the importance of a skilled information security force. The report notes that the Office of Personnel Management is currently developing a cyber security competency model to recruit and retain cyber security specialists for current and future requirements.
The report acknowledges the importance of training to improve the defenses of networks, computer systems and databases. Most of the threats require user intervention to succeed. Cyber security education is crucial to create awareness among employees of safe computing practices, online threats, incident response and preventive measures. Awareness could be created through video tutorials, training sessions, online IT degrees and e-learning programs. The report finds that around one-third of the federal agencies are organizing training programs at regular intervals of less than 30 days.
Federal agencies also conduct specialized annual cyber security training programs for IT professionals with significant security responsibilities. The report finds that on average 88% of professionals with significant security responsibilities across all agencies are provided specialized annual cyber security training.
Training is important to enable IT professionals to deal with proactive threats in cyberspace. In addition to the training programs, IT professionals could also be encouraged to undertake online university degree courses on information security and data protection.