honey stick security awareness metrics measurement
You are not logged in. Access is limited. Login or see membership information. • Streetwise Security Zone Community



A message from Scott Wright,
The S
treetwise Security Coach, on how you can easily justify Security Awareness measurement and training in your organization...

Wouldn't it be a great advantage to have some hard data about how well your staff is protecting sensitive information in the workplace?

  • Having some real metrics that clearly indicate whether or not there is a tendancy toward risky handling of sensitive information is the ideal way to justify taking decisive action.

Is it possible to measure the security awareness of staff?

  • Yes, it is possible to measure different aspects of your staff's security awareness. Honey Sticks are a simple method of detecting real human actions as the basis for indicating risky habits.

Can measurement of awareness be done safely and anonymously, without relying on staff to respond to surveys?

  • Yes, it is possible to measure risky human actions through a safe, "simulated" scenario that forces staff to make a security decision. Their actions tell the story, without pointing fingers at individuals.

The Honey Stick method of measuring security awareness gives you a live-action picture of how people handle risky situations - but in a controlled environment.

Here's how a Honey Stick test registers risky staff activity...

When a device is inserted into a computer connected to the Internet, and a file on the device is opened (i.e. double-clicked), a log entry is written at a webserver. The Device ID and time are recorded, and are reported back to you. No private information is collected, and no special programs are installed or run on the user's computer.

For information on how you could run your own Honey Stick Test, please contact me at:


or call



Scott Wright
The Streetwise Security Coach

For other useful tips and resources on security awareness, join the Streetwise Security Zone now!


Copyright 2012. Security Perspectives Inc. All Rights Reserved.