VA Ramps Up Security TrainingWill Deny Network Access to Those Lacking Updated Education
The Department of Veterans Affairs is ramping up its privacy and security training efforts and plans to eventually deny network access to those who have not had training within the past year.
The stepping up of training is one component of the VA's Continuous Readiness and Information Security Program, says Roger Baker, CIO. VA leaders decided that the department's 95 percent compliance rate for annual training "was not sufficient," he notes. Some 450,000 individuals, including 315,000 employees and 135,000 contractors, have access to the VA network.
In recent months, training compliance has increased to 97 percent, Baker says, and the goal is to achieve 99 percent compliance.
"We've been focused for the last several months at the VA on a significant step-up in our information security and information protection," Baker says, requiring all facilities to make sure that all processes, including training, are followed.
The training features online videos "offering vignettes about different situations that individuals may find themselves in relative to information protection," Baker says. Many of these security scenarios are based on real-world cases at the VA, he notes.
"The training is to watch the video, get asked questions about what is the right thing to do and then a review of whether or not you answered the questions correctly," Baker explains. Those who pass the test receive a certificate and sign a "rules of behavior" document for accessing the VA network.
The renewed emphasis on training "is one example of how we're buttoning down our processes to ensure our network is completely secure," Baker adds.