Posted by Virus Bulletin on Jan 1, 2007
Spear-phishing awareness training and testing for staff.
Personnel working for the US Coast Guard have been ordered to take phishing awareness training, while other US government agencies are putting their staffs' phishing avoidance abilities to the test.
In November, the US Department of Defense (DOD) mandated that all its personnel complete spear-phishing awareness training by 17 January. The Coast Guard has now followed suit, requiring its active-duty, reserve and auxiliary personnel, as well as contractors, to complete the training.
Meanwhile, US military services and agencies, including the Homeland Security Department and the Department of Veterans Affairs, are set to launch a series of phishing attacks against their own workers in a bid to test how well they adhere to email security policies.
The agencies will launch the diagnostic attacks using penetration testing software which will keep track of how many employees click on the 'malicious' links contained within the emails. Using that information, the agencies hope to be able to gauge the effectiveness of their IT security education programs. The diagnostic attacks are also planned to be used in the Labor, Energy and Agriculture departments, the National Institute of Standards and Technology, the US Agency for International Development, the US Courts and the US Postal Service.
Posted on 03 January 2007 by Virus Bulletin
