Despite Government Data Losses, Security Education Spending Not Growing
Out of an annual IT security budget of $5.6 billion, the U.S. is spending $140 million to $150 million annually on security awareness and training.
February 22, 2007
While laptop and data loss continue to plague government agencies, a new report shows that federal spending on user education remains stagnant.
Out of an annual IT security budget of $5.6 billion, the United States is spending $140 million to $150 million annually on security awareness and training, according to Prabhat Agarwal, manager of Information Security Analysis for Input, a government-focused market research and analysis house. That user education number is expected to hold steady through 2012.
Agarwal estimates that the government employs between 6 million and 10 million people.
Agarwal says spending on education just isn't where it needs to be, especially in light of the recent report that shows the FBI loses three to four laptops a month, and the Department of Veterans Affairs' ongoing struggle with data loss.
"It will lag where it is until or when another incident occurs," he says. "It's a very event-driven market. [Data loss] is happening more than it's being reported. It's all a question of spending priorities. ...It's a resource issue."
In his report, Agarwal says users are the weakest link in the government's security -- much like they are in the corporate world. For the government, though, the Federal Information Security Management Act requires agency employees to pass an IT security awareness exam at least once a year. Along with that, the Committee on National Security Systems issued Directive No. 500 last summer that mandates a minimum standard for education, training, and awareness across the federal government.
Agarwal says many government agencies are taking a technical approach to protecting their data. Government IT managers are taking some of the responsibility out of workers' hands and setting up more automatic safeguards, such as ID management and automatic hard disk encryption.
"I call information security the item sitting in the back closet waiting to be revealed," he says. "It will be revealed when another VA computer loss type of incident occurs."