Federal cybersecurity staff less confident than bosses about cyber defense

Federal workers tasked with daily cybersecurity duties are less confident than their bosses about their agencies' ability to withstand a cyber attack, says a new survey.

The Ponemon Institute, funded by CA, conducted an independent, web-based sample survey of 320 federal information technology and cybersecurity practitioners and compared the results to an earlier survey of 217 federal IT executives.

The results show that rank-and-file employees are more concerned about agency cyber attack defenses than executives are, and that the two groups have different priorities. For example, practitioners see privileged user restrictions as more important than executives do.

"The widest gaps between executives and rank-and-file employees appear to occur within organizations that require excellence in security--especially respondents in the Department of Homeland Security and Department of Defense," the report notes.

Among the greatest differences was confidence that agency security programs are adequately managed: 43 percent of the rank-and-file were "very confident" or "confident" that security programs are well managed, whereas 63 percent of executives were so inclined.

When it comes to technology, one large difference is in the importance of firewalls. Among the rank-and-file, 64 percent said firewalls are very important, whereas only 38 percent of executives said so. Asked to identify where the most serious threats are located, the greatest difference was with databases--59 percent of the rank-and-file identified databases, while only 25 percent of executives did so.

The differences matter because gaps in perception and priority "may lead to difficulties in managing threats, misallocating resources and missing opportunities to meet mission-critical objectives," wrote study author Larry Ponemon.
