The government will spend more than $687 million on security awareness training within agency ranks over the next five years, an analyst predicted this week.
"In the old adage that security is only as strong as the weakest link — the weakest link in many cases is people," wrote Prabhat Agarwal of INPUT, a firm that focuses on government business analysis. "In fact, user error accounted for the most recent and well publicized data loss incidents in the federal government. Federal government employees and contractors often do not realize the value of the information they are accessing or viewing on their systems."
Yearly security awareness training is already a requirement for government agencies under the Federal Information Security Act of 2002 (FISMA). But Agarwal said agencies will ramp up their training spending as more federal security breaches spur on Congress to quiet public uproar.
"With political parties identifying hot topics in anticipation of the November 2008 election, [attention to] information security currently sits dormant, waiting for the next information security breach to occur in the federal government," he said. "And if a breach were to occur [particularly one including U.S. citizen data], the Democrats will be first in line to hold hearings, point fingers at the Republicans, and issue legislation requiring stringent practices for securing government-held data [that] would include training and awareness programs for government workers and contractors."
Agarwal estimated that the government will spend $122 million on security awareness training in 2007.
Click here to email West Coast Bureau Chief Ericka Chickowski.