Melbourne-based security consultant, Edusec, has dreamed up an “incentivised game” in a bid to entice Australian businesses to test their IT security procedures.
And the carrot at the end of the string? The chance of taking home a car, cash or a home entertainment system.
With the backing of security vendor, Symantec, and a $10,000 investment from the National Office for the Information Economy, Edusec is inviting businesses of all sizes to partake in the Symantec 2003 Information Security Awareness Challenge (www.securitychallenge.com.au).
According to Edusec CEO, Simon Hewitt, the challenge is designed to test the security awareness of everybody within an organisation from the receptionist to the managing director, instead of singling out the IT department.
“We’re trying to change the security discussion to adherence to policy rather than just product which is only one piece of the puzzle,” he said.
Participants will gain some “fairly detailed information coming out the back end of the challenge” according to Hewitt, making the $2,500 registration fee money well spent.
Deficiencies identified by the test include PCs left on without password protection while users are absent from their desks; senior managers who issue their passwords to junior assistants; knowledge (or lack) of what to do when a virus hits; and the ability (or inability) to continue key business processes in the event of a disaster.
“It offers a conclusive benchmark study for management which can permanently and positively influence behaviour,” said Hewitt. “It allows the participant to measure their security spend in so that they can see how effective their IT policy is.”
The results will be collated by Edusec. Being sensitive to businesses requirement for privacy, Hewitt assures that necessary steps are in place to protect the identity of companies and possible vulnerabilities in their systems.
Symantec will also have access to the research in return for its “significant financial contribution” to the project, however, it will not be able to view the individual performance of organisations.
The performance of individual staff will also be protected, even against employers.
The Security Challenge runs from March 3-7. Registrations close on February 20.