February 2001
Visible Statement
by Geoff Marshall
SC Review Reprint

 
For
Visible Statement’s use of the screensaver to deliver security messages is non-intrusive yet avoids the problem that users cannot be relied upon to initiate computer-based training modules.
Against
Installing and changing workstation configurations requires visiting each PC or using a third-party software deployment tool.
Verdict
Visible Statement succeeds in making effective use of the ubiquitous PC to enhance security awareness or deliver any other company message to employees in an entertaining and memorable way.

Visible Statement from Greenidea takes advantage of the inherent presentation capabilities of modern PCs to deliver security policy messages to staff. It is designed to facilitate a security awareness program by delivering security advice in a highly graphical animated form to enhance the recipient’s ability to retain the message in their mind. It uses the almost subliminal approach of hijacking the screensaver to deliver the animated messages, which can also include sound if the PCs are equipped with multimedia capabilities. The ubiquity of PCs in the modern workplace means that they are now the ideal platform to present any message that you wish to get across to your employees – not just security messages and not necessarily computer security messages either.

Visible Statement enables employees to see the bigger picture of security awareness training.

Greenidea quotes the following statistics to reinforce its marketing message. Companies spend huge amounts of money worldwide on corporate training and education, but only about 40 percent of the skills and information are transferred immediately into the workplace. This figure falls to about 15 percent at the end of twelve months from the date training was received.

Visible Statement follows the philosophy that security is a state of mind. If you think secure, then you have made the first step to behaving securely. Persuading employees to act responsibly with company information and property can be very difficult. For example, most employees would not leave home without locking the doors, but would they lock the office door while they pop out to buy a sandwich?

Getting across security messages is notoriously difficult. Security is an exciting subject to only a few security gurus – and, of course, thieves and hackers! Making security an interesting and exciting subject is the challenge that Greenidea has taken on board with Visible Statement. It does this by using humor and cartoon characters, together with amusing sounds.

These are designed to be fascinating to look at, just as many traditional screensavers are – it can be difficult to take your eyes off them. So next time your boss asks you to start doing some work on your computer, you can reply that you are studying the corporate security policy! It certainly makes a change from surfing the web.
Concentrated training fails to deliver long-term results unless it is supplemented by repetition spaced over time. This is exactly what Visible Statement does – repeats messages via the computer’s screensaver. By showing several different messages in random order, Visible Statement avoids the boredom factor and eliminates the risk that people will turn off and simply not see the message at which they are looking.

Installation is easy. You simply have to run the setup.exe file on each workstation on which you wish to display your security messages. Then you have to configure it to point to where the animated messages are stored – this may be on a local drive or on a network file server. Then you select ‘VisState’ as your screensaver, so that the current message comes up whenever the screensaver is activated.

This process has to be carried out on every workstation on which you want to display the message. Visible Statement provides no way of doing this installation from a central point but, of course, you could use third-party software distribution tools to perform this task. Neither does Visible Statement provide any way of locking down users’ desktops, so there is nothing to prevent users changing the screensaver from VisState to something else. Of course, there are other third-party products that could be used to perform this lock-down function, if you require it.

Once installed on every desktop, the animated messages can be updated from a central location. This facility is called the Auto Updater and each workstation must be configured to poll a central server for new messages. To do this you have to enter a hostname for the central server and a filename complete with directory path for locating the animation file to be used. The frequency with which this updating is carried out is user configurable – the default is 24 hours. When the system manager wishes to change the message, he or she simply replaces the animation file on the central server with the new one. You can have a number of different security messages, which are shown in random order by the screensaver.

System requirements are fairly relaxed. Basically, you need a 486 or better, running Windows 9x or 2000, with 16Mb RAM and 3.5Mb hard disk space. The program often uses sound and is best viewed using 256 colors or better color depth. The central server used to store the animated message ready for distribution can be any network file server, including NetWare, UNIX, Windows NT/2000, and even a peer-to-peer networked Windows workstation. In fact, you don’t even have to have a server – you can point the workstations to a web URL from which to download the animated message file. File space required is not large – typically 250Kb per animated message.

Visible Statement can be customized to suit your organization’s needs. The animated modules can be designed to support your training priorities and corporate culture. This customization can be done by Greenidea, although, if you have the resources to create your own animations there is no reason why you shouldn’t do it yourself. Greenidea uses software from Macromedia to create and deliver the animation files. Of course, Visible Statement can be used to present any ideas – not just security messages. However, Greenidea has concentrated on delivering a number of off-the-shelf security messages. These messages are not just about computer security issues, but also information security and physical security of property and personnel. Currently, these modules include: password protection, software piracy and closing down properly; company asset protection; leaving workstations unattended; challenging strangers and personal property. Others are under development, including one on computer viruses.

Pricing is on a sliding scale starting at $595 for 100 users and included free are all four of the above modules. Greenidea quotes a number of high-profile customers that use Visible Statement, including 3Com, Compaq, Lockheed Martin, and the U.S. Bureau of the Census. A free evaluation copy of Visible Statement can be obtained using the request form on Greenidea’s web site.
 

end
Contact Information:
 

Visible Statement

Version 1.0

from $595 (100 users)
(415) 863-2157
sales@greenidea.com

www.greenidea.com

Greenidea, Inc.
Contact: Russ Mumford
Greenidea, Inc., 950 Page St.
San Francisco, CA 94117
tel 415-863-2157 fax 415-437-1764
e-mail mumford@greenidea.com
Web site www.greenidea.com
 


SC Magazine

Copyright © 2001 West Coast Publishing. All rights reserved.
www.scmagazine.com