Read NBlog, the NoticeBored blog
Click the banner for the site map of NoticeBored.com, the information security awareness service
About NoticeBored

   

Making information security everybody’s business

Information security is a vital element of corporate and IT governance and risk management, which provides the organizational context.  Secure organizations confidently pursue new business opportunities that would be too risky for their insecure peers.  Information security, then, supports business objectives and hence security awareness has commercial value to the organization.

Simply put, security makes good business sense.

 

Feedback from a happy customer

 

Creative security awareness content from NoticeBored

Download the NoticeBored product data sheet (PDF)NoticeBored is our innovative monthly subscription service for information security awareness.  Download the NoticeBored product data sheet PDF file for the highlights or browse on to read it online.

We supply fresh batches of awareness materials for your staff, managers and IT professionals, covering a different information security topic every month.  Use our high quality, engaging materials and bags of creative energy to kick-start your information security awareness program, and build a genuine, deep-rooted and widespread security culture by:

  • Informing employees about current information security risks and controls, illustrating them through topical news stories about real-world incidents;
  • Providing, explaining and promoting commonsense security policies, standards, procedures and guidelines, incorporating and describing a broad range of good practice security controls;
  • Describing information security roles, activities and obligations, promoting accountability and responsibility, and positioning security compliance as something that benefits both the individual and the organization;
  • Encouraging employees to think and talk openly about information security matters, making it more visible and approachable;
  • Gaining employees’ active participation in the organization’s security infrastructure, going beyond simply ‘being aware’ by motivating employees to act more securely (promoting a security culture);
  • Growing and maintaining employee’s interest in information security over the long term, using each monthly delivery as an opportunity to move on to a new focus topic;
  • Measuring progress on security awareness - testing knowledge, comparing parts of the business and generating metrics to drive security improvements;
  • Most of all, turning good security practices into a subconscious habit - just ‘the way we do things here’.

 

Three Es model 300A NoticeBored subscription helps you:

  • Establish the requirements for information security in policies based on assessing the risks, and make your employees aware of their compliance obligations;
  • Educate employees on the security requirements and their obligations through continuous awareness and compliance activities; and
  • Enforce the rules defined in policies, standards, procedures and guidelines with compliance activities, coupled with learning, feedback and continuous improvement using “near-misses” as well as actual information security incidents.

Find out what makes security awareness so important, and why it’s our passion, in our popular white paper on the value of security awareness.

Read on to find out all about NoticeBored.

Next generation seductive security awareness

Information security awareness is what we do, it’s our passion.  You probably have other things that fire your imagination and that’s fine, but think of us first when someone suggests you really ought to have a security awareness program.

We are proud to have been acknowledged as a “best practice expert” in security awareness by ENISA, the European Network and Information Security Agency.  Our Business Case for an Information Security Awareness Program contributed to ENISA’s Users’ Guide: How to Raise Information Security Awareness.  The Users’ Guide expands considerably on our white paper with helpful advice to small companies on how to plan and establish security awareness programs.

While we don’t sell security technologies such as antivirus and firewalls, we have absolutely no problem with organizations using them as part of their information security management systems.  NoticeBored fills in the gaps between the technologies, tackling the human factors - those awkward and ill-defined issues that technology alone cannot solve.  But the best kept secret is that we also support and leverage those very same technologies by helping IT professionals and general managers appreciate their part in the bigger picture.  Do your IT people and managers understand the pivotal role they play in information security?  Or is security just another annoying barrier to them, something to be bypassed or avoided whenever possible?

Chris Potter, leader of the excellent biannual UK information security breaches survey, described the lack of security awareness as one of the biggest ongoing issues revealed by the survey. “The survey shows that staff are increasingly targeted by social engineering attacks (where outsiders try to obtain confidential information from employees).  In addition, businesses are becoming increasingly concerned about what is being said about them on social networking sites (such as MySpace, Facebook and Bebo), and some staff have posted confidential information on these sites.  This is a pretty dangerous combination.  Fortunately, there is some good news.  Companies are hardening their technical controls ... In addition, the proportion of companies that have an information security policy has quadrupled over the last eight years.  Most companies take active steps to tell their staff about their security policy and the risks they face.  However, companies are realising that increasing security awareness is only part of the answer.  The critical issue is changing people’s actual behaviour.  Too many users have a ‘click mentality’ - they become blind to warning pop-up boxes and do what expedites their current activity rather than what they know they ought to.  It is a bit like the road speed limit - everyone knows they shouldn’t speed, but many people go ahead and do so.  So, the agenda seems to be moving on from simple ‘first generation’ security awareness and onto ‘the next generation’ of behavioural change.  Many information security specialists, while knowledgeable about policy and technical issues, lack the skills to deliver true behavioural change into their businesses.  Only by working with other specialists, such as the marketing and HR functions, and by embedding security into the mantra of the middle manager, will businesses realise the benefits of a security -aware culture.”  Hear hear Chris!

Quoted from Deloitte's 2009 survey

Achieving genuine deep-rooted cultural change is the central aim of NoticeBored.  Our approach goes well beyond those dreadful first-generation annual security awareness torture sessions.  NoticeBored promotes information security continually through year-round activities using creative awareness materials, actively encouraging your employees to liaise with their colleagues in HR, IT, Legal, Risk Management and Compliance functions for example.  We exploit marketing, advertising and modern educational techniques to both extend and deepen the awareness program’s reach and build a strong security brand, moving on from broadcasting security imperatives at employees to actively engaging them as part of the solution.  Find out lots more about NoticeBored in this section of the website.
Home > About NB >

Copyright © 2012  IsecT Ltd.