The Honey Stick Project


Using Honey Sticks can measure security awareness based on real human actions

Posted in Mobile Security Guidance, Measuring security awareness by Administrator on September 21st, 2008

Recently, I’ve been receiving a growing number of inquiries about how people can use The Honey Stick approach to test security awareness in their business. It turns out that there are a few good reasons to use this approach for doing baseline measurements, and as an indicator of how well your security awareness program is working.

As Michael Santarcangelo commented to me recently, it is much more valuable to measure real human actions instead of just asking people their opinions or to recall how often they perform various activities. The Honey Stick approach is a cheap, easy and safe way to get an indicator of what level of awareness staff has. As a result, I am in the process of putting together a guide book and a kit that can be used to do basic metrics for how safely an organization’s staff handles unknown devices.

It’s always good to have questions, comments and anecdotes from real industry people. So, if you provide a relevant story in this thread, I’ll consider including it in the book, and I’d be happy to give you a copy when it is published. What would you like to see in the book or kit?
