The Streetwise Security Zone - A Security Awareness Education and Collaboration Community for Business Staff and Management

risk management, business management security, security awareness

HOME
PAGE

GLOSSARY

You are not logged in. Access is limited. Login or see membership information. • Streetwise Security Zone Community

JOIN NOW and get your Free One-Year Membership

Featured Blogs / Podcasts / Articles »

Educating your team to

"Work Smart and Work Secure"

Welcome... Tengoldenrules.com podcast listeners!

For your free one-hour audio guide to Facebook Privacy and Security click HERE.

And please have a listen to the Streetwise Security Zone Podcast by clicking HERE.

Reasons to join The Streetwise Security Zone (in addition to the special bonuses above)...

For Executives - Learn how you can "walk the talk" and protect your organization's future growth from being sabotaged by rapidly evolving information threats, or by your own "Accidental Adversaries".

For IT Staff - Learn how to communicate effectively with management and staff about security awareness, and find innovative ways to keep everybody engaged in securing the information they handle in their jobs.

For Everybody - Learn how to effectively focus on the information risks related to your job, and find ways to provide feedback to management about what you need to do your job securely and efficiently.

Featured Articles / Podcasts

Communicating the need for "security policy" in SMBs and other organizations (ScottWright)
posted Tue June 30th 2009 @ 2:50 PM

It's a common problem in Small and Medium-sized businesses. The word POLICY sets you back and you lose credibility - whether you're talking about "security policy" or a "product return" policy. It can certainly turn off workers in the blink of an eye. (In fact, I've probably lost you already... ) So, what can you do if you feel that there are no consistent rules around security in your organization?

Security Policy is one of the major pillars of any security program. But if SMBs ignore this pillar, or fail to make progress in defining some consistently applied rules, it's really a demolition derby of rogue employees doing whatever they want, in the name of "innovation, agility, responsiveness" or any other advantage a small business has over its larger industry peers.

Policies seem to be more acceptable in larger organizations, where you need it to avoid complete anarchy. But where security is concerned, policies - or something resembling them - are critical, for even the smallest of companies. A one-man shop or a family computer in the kitchen needs a set of guidelines or conventions for working safely.

I've worked with companies where I knew as soon as the word slipped out of my mouth that they thought I was trying to drive a nail with a sledgehammer, with respect to securing their operations - way overkill in their minds.

But if you can find out what the organization's culture "cares about", you can start to identify the consequences of failing to have something equivalent to good security policies. What would be the consequences if some information was disclosed or modified without authorization? Or what would be the impact on revenues or costs if information your business relies on was unavailable to you when you needed it? Read More »

Dilbert's boss responds to poor online ratings with style (ScottWright)
posted Mon June 29th 2009 @ 9:18 AM

WARNING: Not necessarily security-related, but still funny!

When Dilbert brings news to the Boss that the company is getting hammered in online ratings, the Boss has not only a creative solution, he does it in less than 140 characters - made for Twitter! Read More »

Its the Databases, Stupid! - You can't say you don't have one somewhere in your enterprise (ScottWright)
posted Mon June 15th 2009 @ 7:14 PM

This article has a good summary of the motivations and mechanisms that are causing social networking sites to be a threat to enterprises. Read More »

The ultimate cheap deterrent safeguard (ScottWright)
posted Sun June 14th 2009 @ 10:22 PM

If the value of the asset is low enough, sometimes a deterrent safeguard is all you need...
Read More »

Avoid Being "Squatted On" In Facebook - Register Your Username ASAP (ScottWright)
posted Fri June 12th 2009 @ 11:05 AM

According to the notice I see on Facebook today, you might want to stay up until midnight to register your custom Facebook username...

Starting on Saturday, June 13th, at 12:01am in your time zone, you'll be able to choose a username for your Facebook account to easily direct friends, family, and coworkers to your profile. Check out the Facebook Blog for more information or send yourself an email with the details.
Read More »

Learning styles and world views - Why some training programs don't work as well as others (ScottWright)
posted Wed June 3rd 2009 @ 11:23 PM

One of the biggest barriers to achieving an effective culture of security in an organization - even those with only a few employees - has to do with communication issues, not just the slide deck content. I'm talking about "learning styles", and what Seth Godin calls "world views". Too many security awareness initiatives seem to treat everyone as having the same capacity to absorb the content from a single slide deck. Read More »

People get ready - Drop in value of stolen IDs means more targeted attacks coming (ScottWright)
posted Sat April 18th 2009 @ 8:49 AM

Despite all the security articles that have been published trying to stem the growth in Identity Theft by educating the masses, we have reached an interesting milestone. Hackers who have been harvesting ID's have collected so many that the market is literally "devaluing" them. My take on this is that hackers will have to start looking for more lucrative ways to spend their time and effort. The logical progression would seem to be to shift their efforts to committing fraud that can bring in more money.
Read More »

contains audio content 005 Privacy and Security Awareness Training with Guest Rebecca Herold (ScottWright)
posted Wed March 18th 2009 @ 6:39 AM

Get a glimpse into the real-world problems of privacy and security awareness training from this episode’s featured guest, Rebecca Herold, (AKA PrivacyProf on Twitter). The following notes correspond to the content in this episode of The Streetwise Security Zone Podcast.

You can listen to the podcast while viewing this page in The Streetwise Security Zone website by clicking on the "Play" icon in the player widget above, or you can download it by clicking on the "Down Arrow" at the left side of the widget. It's also available through iTunes via the iTunes link in the left hand column in The Streetwise Security Zone Podcast page of the website. Note that the times identified below represent absolute times on the timeline, not durations. Read More »

Secrets of an Identity Thief Interpreted for Your Edification (ScottWright)
posted Fri March 6th 2009 @ 11:46 PM

Did you ever wonder why hackers, phishers, and scammers go to all the trouble of creating so many fake emails and messages on social networking sites? It's primarily to steal userids, passwords and identity information that can be sold to other spammers. This article (click HERE) is apparently an interview with an 18 year old phisher who's been doing it for at least 4 years. There is some controversy over the hacker's claims, but the writer who did the interview (RSnake) is respected in the security industry, and says he has verified some of the individual's claims.
Read More »

Protect performance and mental health by using good Facebook privacy settings and practices (ScottWright)
posted Thu March 5th 2009 @ 12:00 AM

I believe the impacts of identity theft, data leakage and cyber-stalking are going to become huge issues in business and society in the near future, as everyone starts using Facebook and other social networking tools.
Read More »

Follow or message Scott Wright on Twitter as @streetsec...

Twitter / streetsec

streetsec: RT @timlefebvre: but had great time @ montreal jazz with botti, @theloosh, @syberspace, @jamiecullum, @cheekyjeremy, @mgardot. -'sAwesome!

(Fri, 03 Jul 2009 18:15:18 +0000)

streetsec: RT @BillP: Security TIP: If you give a site yr Twitter name/password 2 Get a 1000 Followers YOU GIVE AWAY YOUR PASSWORD!

(Thu, 02 Jul 2009 12:44:55 +0000)

streetsec: RT @BrianHonan: Some excellent security awareness videos available free from ENISA http://bit.ly/132FZg

(Wed, 01 Jul 2009 16:23:34 +0000)

Twitter / Favorites from streetsec

stevewerby: Run a website? Keep the software on it current & scan it for vulnerabilities or it could end up hosting porn & malware. http://bit.ly/s1eRC

(Sun, 28 Jun 2009 17:01:57 +0000)

Realtime Community | IT Compliance

Nevada's New Encryption Law; Made Moot By Its Own Data Breach Law?
(Thu, 02 Jul 2009 17:55:52 -0500)

On May 30, 2009, Nevada enacted a new law, SB 227, which will basically replace NRS 597.970 in January 2010. In many ways the new law is an improvement over the much more vague, and brief, NRS 597.970. I want to focus here on an improvement, but something that still leaves much to interpretation; that is, what is meant by "encryption"?

The Security Catalyst

Unintended Consequences: Training, Metrics, Speed, and Quality
(Fri, 03 Jul 2009 11:00:33 +0000)

I’ve been developing and conducting training classes for years – never entire curricula, but individual classes like security awareness. In general I’ve been pretty successful, and I haven’t found it that difficult: explain the topic in an organized way, explain why certain things are they way they are, give some concrete examples, and most people [...]

Scott Wright's Security Views
Tue, 30 Jun 2009 19:01:33 GMT

Communicating the need for "security policy" in SMBs and other organizations
(Tue, 30 Jun 2009 19:50:26 GMT)

It's a common problem in Small and Medium-sized businesses. The word POLICY sets you back and you lose credibility - whether you're talking about "security policy" or a "product return" policy. It can certainly turn off workers in the blink of an eye. (In fact, I've probably lost you already... ) So, what can you do if you feel that there are no consistent rules around security in your organization?Security Policy is one of the major pillars of any security program. But if SMBs ignore this pillar, or fail to make progress in defining some consistently applied rules, it's really a demolition derby of rogue employees doing whatever they want, in the name of "innovation, agility, responsiveness" or any other advantage a small business has over its larger industry peers.Policies seem to be more acceptable in larger organizations, where you need it to avoid complete anarchy. But where security is concerned, policies - or something resembling them - are critical, for even the smallest of companies. A one-man shop or a family computer in the kitchen needs a set of guidelines or conventions for working safely.I've worked with companies where I knew as soon as the word slipped out of my mouth that they thought I was trying to drive a nail with a sledgehammer, with respect to securing their operations - way overkill in their minds.But if you can find out what the organization's culture "cares about", you can start to identify the consequences of failing to have something equivalent to good security policies. What would be the consequences if some information was disclosed or modified without authorization? Or what would be the impact on revenues or costs if information your business relies on was unavailable to you when you needed it? Read More »Scott WrightThe Streetwise Security CoachJoin the Streetwise Security Zone at:http://www.streetwise-secur... 1-613-693-0997Email: scott@streetwise-security-zone... ID: http://www.twitter.com/streets...

Digest: showing activity in non-member only areas for the last 1 days

Customize your digest options

Help for... »

Resources »

Other Stuff »

Digest: showing activity in non-member only areas for the last 1 days