Car, Cash Await IT Security Know-All

More than 30 Australian companies have registered for a national, federal government supported 'Security Challenge' that will formally measure the level of end user IT security awareness. Companies have been invited to register for the computer-based competition to test the level of employee awareness of information security. Results will be provided to participating organisations to let them identify their own strengths and weaknesses.

The results will also be made available to the federal attorney general's department and the National Office for the Information Economy (NOIE) which are supporting the national challenge to be held from March 3 to 7.

The challenge will also be rolled out in the UK and the US in late March, according to organiser Edusec CEO Simon Hewitt who has been liaising with the White House on initiatives to raise IT security awareness across the globe.

Melbourne-based Edusec has partnered with Symantec to run the challenge offering some big prizes to drive participation including a new car and $10,000 cash.

Hewitt said software has already been provided with registered companies to begin the challenge on March 3; employees will be invited to respond to 37 scenarios representing various degrees of threat with multiple choice answers.

Hewitt expects employees to improve their results by week's end but the prize winners have to get all 37 questions correct and answer them in the shortest possible time-frame.

Issues covered in the challenge include correct use of passwords, computer viruses, disaster recovery and privacy compliance.

"The questions are vital for business security and the results will then be given to the participating organisation as an assessment report they can actually use to secure their company. White House support has also been positive as this is a simple and direct way to test the awareness of users," Hewitt said.

"Too many companies needlessly pursue a strategy of spending money on ever-new technology as the main answer to their security needs, but these investments are compromised if staff do not receive education and training. Businesses are sitting on a time bomb that could go off."

Federal IT Minister Senator Richard Alston described the challenge as a step in the right direction.

"Technology is not the panacea for the information security threat; steps to improve basic safeguards and staff competency are critical to maximise the benefits of any investment in technology," he said.