security awareness metrics, security awareness measurement, honey stick project, usb drives, social engineering, penetration testing, mystery shopping, return on security investment
You are not logged in. Access is limited. Login or see membership information. • Streetwise Security Zone Community

Streetwise Security Awareness Tools

(30 day money-back guarantee)

Trivia Quiz Video

Streetwise Non-Trivial Security Quiz Video Loop - Just like in the movie theaters, this tool is a great way to engage people before a presentation, or while they pass by a booth or kiosk.

Click HERE to preview a low resolution sample of the video.

Buy Now

 Streetwise Customizable Non-Trival Security Quiz PowerPoint Deck - As the basis for the video loop above, this PowerPoint Deck lets you change, add or delete questions. You can create your own PowerPoint loop or video for open houses, kiosks and trade show booths. With some PowerPoint know-how, you can change the background graphics and logos. 

Buy Now

 


MORE INFO...  about The Streetwise Security Zone

You can contact Scott Wright
by Phone:
1-613-693-0997
or Email:
scott@streetwise-security-zone.com

 

 

Site Meter

Security Awareness Metrics and
Social Engineering Testing Resources

Measuring Security Awareness With Honey Sticks (Powerpoint) - Click HERE

This slide deck highlights the advantages and issues around using mobile storage devices - like USB Drives - as a way of simulating real human risk decisions to gather data on security awareness. I have been running the Honey Stick Project as an experiment in measuring security awareness since early 2008. This presentation was delivered to the Ottawa Chapter of the Information Systems Security Association (ISSA) on October 30, 2009.

Honey-Stick Social Engineering Tests: Penetrating Human Risk Decisions With Technology (Powerpoint) - Click HERE

This slide deck is similar to the one above, but focuses more on penetration testing, rather than over-all measurement of security awareness. It was delivered to the Ottawa Area Security Klatch (www.oask.ca) on January 19, 2010.

Social Engineering Risks and Tips for General Staff; Business Managers; and IT Managers and Staff (PDF) - Click HERE

The downloadable slide presentation (in PDF form) on Social Engineering Risks and Tips is available only to Streetwise Security Zone Business (Full) and C Level Management (Premium) members (click HERE).

The main Honey Stick Project page - Click HERE

The Honey Stick Project page has the latest statistics from my research project, and also has blog entries with discussions of various risks in using USB Flash drives and other mobile storage devices.

Dark Reading article on social engineering penetration test using USB Drives - Click HERE

This is the article that inspired the Honey Stick Project. It was a penetration test done by Secure Networking Technologies for one of their clients. SNT wanted to use social engineering without any human interaction to demonstrate the ability to hack into an organization from the inside using USB Drives with custom software on them. The Honey Stick Project demonstrates a testing method that can provide similar results without the risks of having active code on devices "in the wild".

ENISA 2007 Study on Security Awareness Metrics (No longer published on their site...)   :o(

This is one of the best articles I've seen on how organizations have tried to measure security awareness. It covers four different categories of awareness metrics, and has several "case studies" from real organizations in Europe.

Honey Stick FAQ (PDF) - Click HERE

Privacy Paper (PDF) - Click HERE


 

Other Resources and Notes

Security Trivia Edutainment Quiz (Powerpoint - might be of interest for "Security Awareness Week" initiatives) - Click HERE

The Ottawa Business Journal article about my research and the perils of targeted malware - Click HERE

The Streetwise Security Zone Community - Click HERE

The Streetwise Security Zone is a website community designed to provide educational materials, tools, podcasts and discussion forums for collaborating on security awareness. To date, we have over 120 members in the community. Basic membership to the forums and content is free.

If you would simply like to get the free Streetwise Security Tips series and Newsletter, please fill in the fields below.

Name: E-mail:

If you have questions about the Honey Stick Project, or are interested in discussing how you can measure security awareness in your organization, please contact me.

Thanks for your interest in The Honey Stick Project and The Streetwise Security Zone.

Scott Wright

scott@streetwise-security-zone.com
613-693-0997

Site Meter

Share

Copyright 2012. Security Perspectives Inc. All Rights Reserved.