|
|
| You are not logged in. Access is limited. Login or see membership information. • Streetwise Security Zone Community | |
Most Active Members To appear on this list, update your profile, read content, post comments, and post messages.
JOIN NOW and get a free personal membership with one-month free Business Level access to monthly coaching sessions and product discounts. Help for... »» Non-Technical Staff MORE INFO... about The Streetwise Security ZoneYou can also contact Scott Wright
 |
Security Awareness Metrics and Measuring Security Awareness With Honey Sticks (Powerpoint) - Click HERE This slide deck highlights the advantages and issues around using mobile storage devices - like USB Drives - as a way of simulating real human risk decisions to gather data on security awareness. I have been running the Honey Stick Project as an experiment in measuring security awareness since early 2008. This presentation was delivered to the Ottawa Chapter of the Information Systems Security Association (ISSA) on October 30, 2009. Honey-Stick Social Engineering Tests: Penetrating Human Risk Decisions With Technology (Powerpoint) - Click HERE This slide deck is similar to the one above, but focuses more on penetration testing, rather than over-all measurement of security awareness. It was delivered to the Ottawa Area Security Klatch (www.oask.ca) on January 19, 2010. Social Engineering Risks and Tips for General Staff; Business Managers; and IT Managers and Staff (PDF) - Click HERE The downloadable slide presentation (in PDF form) on Social Engineering Risks and Tips is available only to Streetwise Security Zone Business (Full) and C Level Management (Premium) members (click HERE). The main Honey Stick Project page - Click HERE The Honey Stick Project page has the latest statistics from my research project, and also has blog entries with discussions of various risks in using USB Flash drives and other mobile storage devices. Dark Reading article on social engineering penetration test using USB Drives - Click HERE This is the article that inspired the Honey Stick Project. It was a penetration test done by Secure Networking Technologies for one of their clients. SNT wanted to use social engineering without any human interaction to demonstrate the ability to hack into an organization from the inside using USB Drives with custom software on them. The Honey Stick Project demonstrates a testing method that can provide similar results without the risks of having active code on devices "in the wild". ENISA 2007 Study on Security Awareness Metrics (PDF) - Click HERE This is one of the best articles I've seen on how organizations have tried to measure security awareness. It covers four different categories of awareness metrics, and has several "case studies" from real organizations in Europe. Honey Stick FAQ (PDF) - Click HERE Privacy Paper (PDF) - Click HERE
Other Resources and Notes Security Trivia Edutainment Quiz (Powerpoint - might be of interest for "Security Awareness Week" initiatives) - Click HERE The Ottawa Business Journal article about my research and the perils of targeted malware - Click HERE The Streetwise Security Zone Community - Click HERE The Streetwise Security Zone is a website community designed to provide educational materials, tools, podcasts and discussion forums for collaborating on security awareness. To date, we have over 120 members in the community. Basic membership to the forums and content is free. If you would simply like to get the free Streetwise Weekly Security Tips newsletter, please fill in the fields below. If you have questions about the Honey Stick Project, or are interested in discussing how you can measure security awareness in your organization, please contact me. Thanks for your interest in The Honey Stick Project and The Streetwise Security Zone. Scott Wright scott@streetwise-security-zone.com |
|
|