'Info security for the rest of us'

Information Security Awareness Certification site

The Information Technology Association of America is offering a certification program for workers who have computers but often do not consider security one of their responsibilities.

"This is what we're calling information security for the rest of us," said ITAA president Harris Miller.

The Information Security Awareness Certification is an online test for basic security awareness in eight areas: computer best practices, computer ethics and misuse, identification and data information theft, Internet best practices, passwords, physical security, sensitive information, and viruses and other harmful software.

ITAA developed the test in partnership with Brainbench Inc., a skills assessment company that also administers the test. Measuring the awareness of everyone across an organization according to a common standard should provide managers and clients — be they customers or citizens — greater assurance that security is taken seriously and understood, said Michael Russiello, chief executive officer of Brainbench.

"You can set a goal, and you can hold people accountable to that goal," he said.

Information security awareness for the common computer user is one of the top priorities for the Homeland Security Department's new National Cyber Security Division, and officials are looking to use, enhance and support initiatives that are under way in government and industry, Robert Liscouski, assistant secretary for infrastructure protection who oversees the new division, said at the June 6 briefing announcing the creation of the division.

ITAA is talking with officials from that organization to offer the new certification as one option for testing for increased awareness, Miller said.

"There's been a lot of talk about [security awareness]; this, we believe, will drive action," he said.

Rep. Sherwood Boehlert (R-N.Y.), chairman of the House Science Committee, agreed that while professional information security training is receiving attention and should be receiving funding — in part because of the Cyber Security Research and Development Act of 2002, which he co-sponsored — basic security awareness is just as necessary.

Boehlert's committee staff was one of the first organizations to receive certification under the new program, which means that at least 90 percent of his staff took the test and passed.