The current threat environment is daunting enough that even agencies of the federal government are taking serious note of it. The Department of Veterans Affairs has announced a plan to shut down access to its network for employees who have not updated their skills regarding privacy and security. The move comes as part of a general effort to improve the training in security skills routinely offered to both workers for the VA and outside contractors who use the VA's computer network in some fashion.
Roger Baker, the Chief Information Officer for the VA has noted that the agency has typically had a 95 percent rate for yearly security training. While that rate may sound quite impressive, it was not sufficient to satisfy Baker, who has taken steps to raise it. The rate for the last few months has reached 97 percent, and Baker has indicated that his goal is higher still: 99 percent of the 450,000 people who use the VA's systems.
"We've been focused for the last several months at the VA on a significant step-up in our information security and information protection," commented Baker, who emphasized that training requires a demonstration of content mastery. Trainees "watch the video; get asked questions about what is the right thing to do and then a review of whether or not you answered the questions correctly." After passing a test, workers and contractors are awarded a certificate and are asked to sign a security agreement specifying the rules for using the VA network.
Businesses that need to address training needs for their own employees should consider working with an IT consulting firm to develop a series of lessons that are pertinent to the security needs and challenges in their particular computer environment.