While cybersecurity is a top priority for government agencies, the cybersecurity professionals that defend government networks aren’t often recognized as top priorities, according to a new report by the by the IBM Center for the Business of Government.

The report — A Best Practices Guide to Information Security – notes that the greatest resource organizations have when it comes to IT security is their own staff. Because of this, it is of upmost importance for organizations to first recognize this, then motive and educate them to become “protective stewards of information,” the report states. This will make security more effective than the design and implementation of any new technology.

"Despite increased attention to cybersecurity, limited funding for employee training presents a major challenge to organizations, especially government organizations," the report states. "Much of the attention that is given to cybersecurity now focuses more on deterring detrimental actions by employees than on encouraging positive actions."

It is important organizations move away from a negative approach to cybersecurity that is rooted in media coverage of negative security events in both the public and private sectors, the authors suggest. Instead, a positive approach to security should be fostered.

The report notes that 46 percent of employees have never received education in security education, training and awareness (SETA) from their organization. Agencies are advised to develop a SETA curriculum that emphasizes the what, the how, and the why of security: what security dangers are inside and outside the organization, how to handle security threats, and the reasons why agencies are focusing on specific security efforts.

“SETA programs must encourage employees to expand their view on security issues by exploring the consequences and actions to events that could happen, but are not normally experienced within a particular employee’s office role,” the report states.

The report also points to a number of best practices related to logging in/out, workspace security, email and Internet protection, document protection, identification and reporting of security matters and electronic device security.

Related News

Chandler Harris is a freelance business and technology writer located in Silicon Valley. He has written for numerous publications including Entrepreneur, InformationWeek, San Jose Magazine, Government Technology, Public CIO, AllBusiness.com, U.S. Banker, Digital Communities Magazine, Converge Magazine, Surfer's Journal, Adventure Sports Magazine, ClearanceJobs.com, and the San Jose Business Journal. Chandler is also engaged in helping companies further their content marketing needs through content strategy, optimization and creation, as well as blogging and social media platforms. When he's not writing, Chandler enjoys his beach haunt of Santa Cruz where he rides roller coasters with his son, surfs and bikes across mountain ranges.