Government agencies take anti-phishing action
Spear-phishing awareness training and testing for staff.
Personnel working for the US Coast Guard have been ordered to take phishing
awareness training, while other US government agencies are putting their
staffs' phishing avoidance abilities to the test.
In November, the US Department of Defense (DOD) mandated that all its
personnel complete spear-phishing awareness training by 17 January. The
Coast Guard has now followed suit, requiring its active-duty, reserve and
auxiliary personnel, as well as contractors, to complete the training.
Meanwhile, US military services and agencies, including the Homeland
Security Department and the Department of Veterans Affairs, are set to
launch a series of phishing attacks against their own workers in a bid to
test how well they adhere to email security policies.
The agencies will launch the diagnostic attacks using penetration testing
software which will keep track of how many employees click on the
'malicious' links contained within the emails. Using that information, the
agencies hope to be able to gauge the effectiveness of their IT security
education programs. The diagnostic attacks are also planned to be used in
the Labor, Energy and Agriculture departments, the National Institute of
Standards and Technology, the US Agency for International Development, the
US Courts and the US Postal Service.
03 January 2007
Tags:
del.icio.us 
digg this
