Programmers Are Working Securely (PAWS)™ Index
Are your devices and accounts secure? Do you write secure code? Do you have at least 10 minutes to complete this poll?

The PAWS index poll is intended to both build and measure your security awareness. Completing this poll is the first step in providing evidence towards Section 7 (awareness) for ISO 27001 (referred to as 27K or 27 thousand one) certification. If there are acronyms or terms you aren't familiar with, please read the links at the end of the poll or google them. That's not cheating, the goal is to increase secure coding practices.

ISO compliance can be a dry and complex topic. The pressure of auditors scrutinizing your work can be intimidating. But let's have fun with it; it's preferable to having hackers exploit vulnerabilities.

These five XKCD web comics are amusing and instructive. Reading time 3 minutes, laughter time: ?
https://xkcd.com/327/ Mom says "Sanitize your inputs"
https://xkcd.com/538/ Weakest link
https://xkcd.com/1200/ Don't let this happen to you
https://xkcd.com/936/ This isn't your grandma's password strategy
https://xkcd.com/565/ Insecurity questions

The Plan-Do-Check-Act loop is mandatory. Let's focus on Check and Act. Answer these questions with what you are actually doing, not with what you think you should be doing.
PERSONAL SECURITY PRACTICES - There's a saying: "How you do anything is how you do everything". If you're secure in your personal life, you likely bring that mindset to your work. *
For each statement, choose Rarely / Sometimes / Usually:
I lock my house
I lock my devices
I reuse passwords
I use a password manager
I encrypt at rest
I use MFA when available
Not using a password manager? Take 10 minutes to watch my password explainer video
According to https://haveibeenpwned.com passwords associated with my personal email have been compromised *
WORK SECURITY PRACTICES - Similar to the personal questions, but specifically at work. *
For each statement, choose Rarely / Sometimes / Usually:
I allow tailgating
I lock my devices
I reuse passwords
I use a password manager
I share passwords
I use MFA when available
I report phishing email
Not sure what MFA is? Watch my MFA explainer video in 6 minutes
According to https://haveibeenpwned.com passwords associated with my work email have been compromised *
Management takes security seriously *
What dollar value do you put on your company's good reputation? In other words, if a major customer suffered a data breach or an outage because of a vulnerability that could have been fixed, what would that cost us? *
Regarding our security policies... *
The CISO is *
What security related groups, books, courses or websites have you used and recommend?
My experience with OWASP is... *
Developing code securely... *
Static analysis tools... *
Dynamic analysis tools... *
Using effective security practices is good for my career *
This is where I can do my best work, work that I'm proud of. Serious vulnerabilities do not get released. *
I've updated Workday > Career > Certifications with all the certifications I have earned *
I’m familiar with CVSS *
This survey is anonymous. Enter your email address for follow up, if you want to.
Comments? Is there anything you'd like to add?
End of quiz. The following resources may educate and amuse you.
Mandatory reading so that everyone is on the same page (Reading time: 22 minutes total)
https://owasp.org/www-project-top-ten/ Reading time: 5 minutes
https://www.empr.com/home/features/doctor-gets-jail-time-for-hipaa-violation/ Reading time: 10 minutes. Lesson: Privacy rights are better enforced than ever. Ignorance of a law is not accepted as an excuse for breaking it.
https://www.csoonline.com/article/3444488/equifax-data-breach-faq-what-happened-who-was-affected-what-was-the-impact.html Reading time: 7 minutes. Lesson: ISO 27001 certification is a starting point. Following basic security practices, such as keeping things up to date, is critical to having secure systems.

Supplemental
https://owasp.org/www-pdf-archive/OWASP_Top_10-2017_%28en%29.pdf.pdf Reading time: 40 minutes
https://www.peterwhelan.com/petesprofessionalprogrammerplaylist/ by Peter Whelan, creator of the PAWS™ index
https://www.clickstudios.com.au/passwordstate.aspx Reading time: 10 minutes
https://securecodewarrior.com Make a game of learning secure coding practices, build a team and compete!
http://www.gameofhacks.com/ Another way to make a game of it. Reading time: 5 minutes. Ironically, they do not use HTTPS.
If you can decrypt this, you know what to do WVVoU01HTklUVFpNZVRsM1dWaE9NRnBYU25CaWFUVnFZakl3ZGxKdWNIaE5NVVo0WVd4Rg

Some good books
Writing Secure Code (Developer Best Practices) 2nd Edition, by David LeBlanc, Michael Howard
Building Secure Software: How to Avoid Security Problems the Right Way by John Viega
The CERT® C Coding Standard, Second Edition: 98 Rules for Developing Safe, Reliable, and Secure Systems by Robert C. Seacord
The CERT Oracle Secure Coding Standard for Java by Fred Long, Dhruv Mohindra
This form was created inside of Peterwhelan.com.