Welcome to NoticeBored

Fraud awareness (new this month)

Frauds, scams, swindles and cons involve taking advantage of victims through the use of deception, which is itself a form of social engineering.  As such, fraud definitely qualifies as an information security concern, making it a valid topic for the security awareness program.

What’s more, fraud is an inherently fascinating subject.  The deviously creative nature of fraudsters means they find surprising ways to dupe and manipulate people, processes and systems, undermining or bypassing controls that superficially appear sound. 

There are subtle warnings in the module for managers, IT and information security professionals about challenging those naive assumptions we often make when designing and securing business processes and IT systems.  Division of responsibilities, for instance, is a widely used class of control that is vulnerable to collusion and other issues.

Another excellent reason for making employees well aware of fraud is to recruit extra eyes and ears to the extended information security team.  Fraud is much harder to conceal if those around you not only know the signs but are willing to report their suspicions.

Read more about the fraud awareness module and, as always, contact us if you’d like to subscribe to NoticeBored, our innovative monthly security awareness service.

Ascending new heights in infosec management (new book out now)

How do you measure information security?  What can and what should you measure?  Which are the most important factors?  Which of the myriad possible security metrics are actually worth the effort to gather, analyze and report?  These are tough questions to answer rationally.  For many, metrics represent the highest remaining unscaled peak in information security management.

PRAGMATIC Security Metrics is a thought-provoking yet eminently practical and readable how-to guide for CISOs, Information Security Managers and other stakeholders.  Packed with practical tips and plain-talking advice rather than theoretical considerations and heavy duty mathematics, the book explains the purpose and design of a coherent information security measurement system comprising a suite of carefully selected and ingeniously designed metrics.  The PRAGMATIC method takes the governance and management of information security to a whole new level. 


Copyright © 2013  IsecT Ltd.