
During tough times, we learn the most about people's character. Your employees' attitudes can change without your knowledge. Click on the PLAY button to learn why you should be measuring your staff's security awareness (without invading their privacy), and how to conduct your own free Honey Stick Security Awareness Measurement test.

If you're ready to start your own FREE Honey Stick test, just click on the JOIN NOW button on the left side of this page (or click HERE) to get your free one-year membership in The Streetwise Security Zone. Once you are confirmed as a member, you simply need to return to this page to register for your free Honey Stick filesets, which you can use right away on any blank USB drive.


 

"Governance by Graffiti"
Simplified Security Resources Driven by a Concerned Community


The Streetwise Security Zone is a gathering place where you come to change the status quo for how information security is done in your organization, and in your industry.

Why do we want a change? Because the field of information security is too big for any one person, or even a team of people, to master. If you are tired of being led down rat-holes by people who claim to know security, only to find out that what they are proposing is not workable in your business environment, you understand why we need a change.

We need to start looking at security from the business objectives first, and management must become involved at some point - preferably at the beginning.

For security, as for many other aspects of business, we depend on empowering our teams (as defined by Michael Santarcangelo II) to:

   1. Do the right things
   2. At the right times
   3. For the right reasons
   4. When nobody is looking

But even if your management isn't on side, that doesn't mean you can't make a difference. You'll be surprised at what you can learn, and what you can contribute.

If you don't think you'll be able to contribute, that's OK. Everyone is welcome, but even if you don't join we encourage you to invite at least one other person who might be a good contributor. Whether they are business owners, mid-level managers or concerned staff who just want to get their job done, we want to hear their stories about information security in their organization.

We depend on the contributions of members. We don't need a huge community to be successful, but we do need quality contributions and engaged members to have a chance of changing the status quo.

Featured Multimedia

Measuring Security Awareness With Honey Sticks (ScottWright)
posted Wed October 8th @ 9:43 AM

This audio clip provides a discussion on the importance of employee security awareness, and how you can get an indication of how well your staff is doing by using a Honey Stick test. More »

Featured Articles / Podcasts

CAPTCHA's That Kill - Guaranteed Hacker-Proof (ScottWright)
posted Wed November 19th @ 8:19 AM

For the funny stuff, if you already know about CAPTCHA's, skip to the bottom of this article. Read More »

The perfect gift mug for Security Geeks - let them know you wouldn't want to be them (ScottWright)
posted Fri November 14th @ 6:59 AM

It's OK to be human, or even cynical about security for a moment, if you take advantage of the opportunity to engage people about the information they handle in their jobs, and how important it is to the organization. Read More »

Why Security Awareness Measurement is Important (ScottWright)
posted Fri November 7th @ 10:18 PM

The bottom line is that an employee can bring down some organizations' operational information systems these days with a single innocent click - sometimes with greater ease than if they were actually trying. Read More »

How to have fun with Airport Security (ScottWright)
posted Wed October 1st @ 10:15 PM

Sometimes the simplest ideas are the most satisfying. Take a sheet of metal, die cut some holes in it to form a message to airport security, and sell it to people who want to make a statement by putting them in their luggage... Read More »

Baboons can demonstrate the same risk management skills as some managers (ScottWright)
posted Wed September 10th @ 12:02 AM

Here's a re-post of an article I wrote last year that a lot of people liked... Read More »


Streetwise Security News
Wed, 19 Nov 2008 13:14:17 GMT

I'm sorry sir, but that's our (security) policy
(Wed, 19 Nov 2008 14:14:17 GMT)

Originally posted - February 20, 2007. Read More » Scott Wright, The Streetwise Security Coach



Realtime Community | IT Compliance

CMS Gets Heat Over Not Actively Enforcing HIPAA
(Tue, 18 Nov 2008 19:59:51 -0500)

To date the Centers for Medicare and Medicaid Services (CMS) has not actively pursued HIPAA Security Rule compliance. Instead they have depended upon complaints to drive their investigations. However, as this article nicely points out, depending upon patients and healthcare workers to complain about problems leaves MANY HIPAA non-compliance issues...including significant information security and privacy vulnerabilities...dangerously unknown...



Scott Wright's Security Views
Sun, 26 Oct 2008 16:12:04 +0000

Don’t depend entirely on Microsoft updates to protect your system from Zero-Day attacks
(Sun, 26 Oct 2008 16:07:59 +0000)

Zero-Day attacks are the name given to any type of action that exploits newly discovered security holes. Whether or not the vulnerability is publicly known, if an attacker exploits it before there is an update to fix the hole it’s a dangerous situation, because fixes aren’t available. Eventually, a fix will arrive, and it is important [...]



The Security Catalyst
Fri, 14 Nov 2008 16:46:18 +0000

Electronic Information Retention Policy
(Fri, 14 Nov 2008 16:46:18 +0000)

By Patrick Romero. The exponential growth in electronic information and the costs of managing it, particularly in litigation, has spurred renewed interest in electronic records management and document retention programs. A sound approach to developing an electronic records management and retention program would be to base it on a core principle that electronic records have value only [...]





Copyright 2008. The Streetwise Security Zone - Governance by Graffiti (tm)