New Computer Challenge Launched to Assess Information Security Levels In the Public and Private Sectors
SYDNEY, NSW -- December 11, 2002 -- The computer security levels of Australia's public and private sectors will come under close scrutiny early in the new year as a result of a National Challenge launched in Sydney today.
Backed by the Federal Government's National Office for the Information Economy (NOIE) and the Attorney-General's Department (AGD), the "Symantec 2003 Information Security Awareness Challenge" is aimed at improving levels of information security awareness and providing industry and government alike with detailed measurements of their relative strengths and weaknesses.
NOIE and the AGD see the Challenge as an "important first step" towards measuring the threats and vulnerabilities posed by the human factor on the security of the National Information Infrastructure (NII).
The Challenge is the brainchild of Melbourne-based Edusec, a workplace education company, and is sponsored by Symantec, the global leader in Internet security. The Challenge will run for one week between March 3 and March 7 next year, offering prize incentives such as a car to encourage the involvement of all employees. Companies wishing to participate can find more information and registration details at www.securitychallenge.com.au.
Participants from registered companies are required to answer multiple-choice questions about security-related computer operation and protocols. The Challenge software records the answers and time taken to complete the Challenge, with the fastest, most correct entry being the winner. Each registered company will receive a report that indicates which areas of the business may be vulnerable so appropriate action can be taken. The results in this report will be linked to departments, not individuals, so personal privacy will be maintained.
Edusec believes the heads of organisations that take up the Challenge may find the results sobering as they learn how many of their employees lack awareness and knowledge about computer security policy and procedures, and may be unwittingly careless or complacent.
Edusec Chief Executive Officer, Simon Hewitt, pointed out that preliminary tests of the software in half a dozen different business entities showed most people answered correctly fewer than half of a range of questions relating to computer security.
Some of the deficiencies identified in the tests included:
- Computers left on without password protection while their users were absent from their desks;
- Senior managers, including directors, who gave passwords to more junior assistants;
- Complete lack of knowledge about what to do when a virus hits;
- A willingness to be helpful and to provide information to persons who had no right to that information; and
- An inability to continue key business processes in the event of a disaster.
John Donovan, Symantec's Managing Director Australia and New Zealand, says information security is now seen as mission-critical because breaches are very costly and cause damage to corporate reputation.
"The number, complexity and severity of Internet security threats continue to increase and protection against such threats is not just an IT issue. Every organisation or individual who is connected to the Internet could be unwitting participants in malicious cyber acts simply by not understanding and implementing the appropriate security requirements," said Mr Donovan.
"Symantec is involved in several initiatives around the world to raise Internet security awareness and education levels and the Security Awareness Challenge is a great local initiative that will further contribute to this objective."
In November 2001, the Prime Minister announced the formation of the Business-Government Task Force on Critical Infrastructure. In May this year, the Task Force recommended to the Prime Minister a range of public-private sector initiatives including:
- Development of a program to study threats to the Critical Infrastructure; and
- Building a learning network to improve systematic, strategic responses to threats to the Critical Infrastructure.
Accepting all the recommendations of the Task Force, the Attorney-General and the Minister for Communications, Information Technology and the Arts recently announced the formation of a Trusted Information Sharing Network. The new network will allow the owners and operators of critical infrastructure to share information on important issues, including business continuity, consequence management, information system attacks and vulnerabilities, and e-crime, to help protect them from mishaps and malice.
Mr Hewitt said the reality for a majority of staff outside IT Departments was that information security was not seen as their problem. Few employees read the usual thick guidelines dossier, even if they existed.
"When we set about considering the problem, we realised we had to break the mould. With the Challenge we are providing a means by which staff can interact and, importantly, be entertained by doing something which has a serious purpose. With fun, we created an environment that promotes growth of awareness, improved understanding and greater compliance."
"We have also been careful to comply with the need for both individual and company privacy provisions," Mr Hewitt added.
About Edusec
EDUSEC's charter is to have an immediate and demonstrable effect in raising security awareness levels across the nation. The company has evolved as a reaction to the lack of meaningful and effective security awareness programs available. There is a clear and present danger associated with this problem and a desperate need for effective solutions to address the ever-increasing computer crime rates and failing information security policy awareness figures globally.
EDUSEC was primarily established to develop the 2003 Information Security Awareness Challenge and its components, a truly effective solution to the immediate needs of management in raising security awareness levels within their organisations.
About Symantec Australia
Symantec, the world leader in Internet security technology, provides a broad range of content and network security software and appliance solutions to individuals, enterprises and service providers. The company is a leading provider of client, gateway and server security solutions for virus protection, firewall and virtual private network, vulnerability management, intrusion detection, Internet content and e-mail filtering, remote management technologies and security services to enterprises and service providers around the world. Symantec's Norton brand of consumer security products is a leader in worldwide retail sales and industry awards. Headquartered in Cupertino, Calif., Symantec has worldwide operations in 38 countries. For more information, please visit www.symantec.com.au