Government workers in South Australia are getting briefed on security threats such as social engineering calls and emails as part of an awareness campaign.
SA government CIO Andrew Mills said the campaign is about helping business people assess the risks of what they are doing.
For example, call centre staff have been trained on what to do if they receive a calls from someone who is trying to get information about government workers in order to engage in social engineering scams.
South Australian government readies new IT strategy
Top four tips to improve your security program
Secuirty threats explained; social engineering
“The best measure we have that the program is working is a notify incident process within government,” he said. “We are getting more incident reports because people are aware of the threats.”
However, the reports also indicate that social engineering calls and email approaches are getting more sophisticated.
“We want to get the balance right with making people aware but not to the stage where they are so totally worried that they can’t do their job,” Mills said.
He added that the SA government has developed deep resilience within its networks.
“We can’t stop all the attacks so we need to get better in how we react.”
To help IT staff react to incidents, the government works with non-profit security training organisation ISACA.
“Professional certification provides assurance that our information security professionals possess the body of knowledge required in our complex environment,” he said.
“Certification by bodies such as ISACA demonstrates knowledge, in particular experience in IT security.”
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow CIO Australia on Twitter and Like us on Facebook… Twitter: @CIO_Australia, Facebook: CIO Australia, or take part in the CIO conversation on LinkedIn: CIO Australia