HUMAN ERROR CAUSES MAJORITY OF IT SECURITY BREACHES, COSTS U.S. ECONOMY BILLIONS OF DOLLARS

BUFFALO, New York, September 28, 2004 - Statistics show that 80 percent of identified information security breaches are caused by human error. This is due to lack of information assurance knowledge and proper training, as well as the failure to follow security procedures. The Computer Security Institute and the FBI recently reported that an insider attack against a large company could cause an average loss of $2.7 million in damages. In fact, earlier this year the MyDoom virus, which was noted as the fastest spreading Internet virus to date, caused $22.6 billion in damages in its first 72 hours. Acutely aware of these threats, New Horizons Computer Learning Centers (Nasdaq: NEWH) has been offering its Information Security Training Program since January 2002 to help government and private organizations worldwide achieve information assurance readiness.

More than just training, information assurance readiness is a process that includes protecting key digital assets and capabilities, detecting attacks and malicious actions, responding with rapid notification and reaction, and recovering with disaster and business continuity planning. "The single biggest weakness in the nation's critical infrastructure is people," said Martin Bean, chief operating officer of New Horizons. "The ultimate solution to this problem is the training and re-training of every person in an organization that touches a computer."

Due to the current state of vulnerability in the United States, information assurance has become a strategic imperative for the Department of Defense and related Federal agencies. In the wake of the September 11, 2001 tragedy, Congress moved to strengthen the protection of the nation's computer networks. Recognizing the highly networked nature of the current federal computing environment, Congress took steps to provide effective government-wide management and oversight of the related information security risks. On December 17, 2002, the Federal Information Security Management Act (FISMA) became law requiring that all full time and part time military, civilian, contractors and foreign nationals with access to networks receive specific security training based on the level of risk inherent in their position.

According to recent Congressional reports however, approximately 85 percent of the nation's critical infrastructure is owned or controlled by the private sector. Although the U.S. government has taken steps to protect its own information security by enacting FISMA, its mandatory security training requirements do not carry over into the private sector. That is why New Horizons has developed a comprehensive learning platform that is designed to prepare corporate IT professionals to plan, build and maintain secure networks.

A security benchmark study conducted earlier this year by the Computing Technology Industry Association (CompTIA) shows that when a company trains at least one in every four IT employees in security fundamentals, it is 20 percent less likely to suffer a departmental security breach.

"IT security threats that were once infrequent occurrences now happen on a daily basis; and the potential for damage caused by these threats is magnified as never before," said Brian McCarthy, chief operating officer, CompTIA. "That is why more organizations are investing increasing amounts of their budget in IT security generally and training and certification specifically. Executives dealing with IT security clearly believe that training and certification are critical to improving their security practices."

"In the past, IT security was thought of in terms of securing hardware and software, but now the focus must be on training people to stop breaches before they happen," added Bean. "Currently, there is no clear definition of an information assurance professional and there is a desperate need for common standards and certification moving forward. New Horizons addresses this need by providing an Information Security Training Program that focuses on information assurance readiness and offers clear certification standards."

IT security courses provided through New Horizons Integrated Learning Solution Framework offer students a comprehensive learning platform that includes a variety of learning methods and resources ensuring the transfer of knowledge and a positive return on investment. The New Horizons Information Security offering consists of programs that enhance security skills at all levels within a corporation. The advanced IT professional has access to courses that provide the skills necessary to maintain a secure corporate network and perform strategic network security analysis and planning. Among the skills acquired is the ability to identify security threats, analyze network security risks, monitor the network for security breaches and respond to network and software-based attacks.