A new laboratory at Iowa State University is focused on teaching businesses how to protect themselves from online security threats.

The university’s Information Assurance Center has launched the Information Systems Security Laboratory, which will provide security training, testing and outreach to businesses.

“If you look at the security training landscape, there are several organizations out there that target the high-end security professionals and offer excellent training opportunities,” said Doug Jacobson, director of the Information Assurance Center. “But what’s missing is an effort to try to be training and giving security to the bulk of the (information technology) staff.”

Besides that, he said, many smaller organizations might have only one IT person who could use extra workshops and education on security. And some organizations, whether or not they have an IT person on staff, could benefit from non-IT professionals better understanding security risks.

The lab will provide training for businesses in all sectors, but will initially focus on smaller manufacturers through Iowa State’s extension service, the Center for Industrial Research and Service.

Businesses in industries such as finance and insurance or health often understand that they are a security target, Jacobson said, and are regulated by the government.

“But these manufacturing groups have a lot of intellectual property, have a lot of money churning through them, so they’re a target,” Jacobson said. “It’s nowhere near core to their business, so we think there’s a real need for trying to secure those businesses here in Iowa and provide them with the knowledge to be more secure on the Internet.”

The lab, which will be housed on campus but also provide staff to travel to business sites, developed from “piecemealing” work that has been done for years through the Information Assurance Center.

The center submitted a proposal for university funding to formalize efforts that were already being done. Julie Rursch, a lecturer in electrical and computer engineering, will direct the lab.

Part of the lab will include a space dedicated to test the security of different software and hardware products. Often, said Jacobson, security product vendors will have a desire to prove the effectiveness of a product before it goes to market, and the lab will allow students to test whether a product works.

The lab is waiting until early 2013 to ramp up its services. It is surveying businesses to learn their most pressing concerns and will build initial training programs around the results.

The cost to businesses for the training will be just enough to cover the lab’s expenses and make it self-sufficient.