Experts repeat: Security is a people'not technology'problem

A survey released today by the Computing Technology Industry Association showed that nearly two-thirds of reported security breaches were primarily the result of human error.

The results match the findings of a new House panel focusing on IT, said Rep. Adam Putnam (R-Fla.)

'Most of the problems associated with cybersecurity are management issues,' said Putnam, chairman of the new House Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census. 'It's a people problem.'

Putnam spoke at a meeting about IT security and work force issues hosted in Washington by the Computing Technology Industry Association of Oakbrook Terrace, Ill.

Both industry and government officials stressed the need for more education and certification of IT professionals, especially in security. But calling for education is one thing and paying for it is another, the speakers said.

'We're thrilled that they're giving attention to this,' said Timothy Grance, manager of the Systems and Network Security Group in the National Institute of Standards and Technology's Computer Security Division. 'We'd be even happier if they'd appropriate money.'

Grance said training is a cost-efficient way to help IT administrators secure systems. Changing an infrastructure is complex and expensive. But 'there is a lot of low-hanging fruit out there' that could improve security with the proper priorities and adequate personnel training, he said.

The IT security of executive branch agencies will continue to receive congressional scrutiny. Putnam said his subcommittee would hold its first hearing on cybersecurity April 8 and would continue to issue annual report cards on security, a practice started by retired Rep. Steve Horn (R-Calif.).

About the Author

William Jackson is a Maryland-based freelance writer.


  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.