From zero to hero in one step

Information security managers, as a breed, are busy people. Our day-to-day job of keeping up with technology risks and security incidents leaves IT security training, awareness and education a much neglected area of information security. However, with NoticeBored Classic on the team, there’s time at last to make real headway on security awareness. Stop procrastinating and take the first step. Kick-start your security awareness program and step from zero to hero with NoticeBored. Now!

NoticeBored Classic provides the impetus to get your security awareness program quickly up to speed and the creative energy to sustain the initial momentum. There is no delay whilst you make an heroic effort to find time to research and prepare awareness materials yourself, and no need to justify to management the additional budget and headcount for your own specialist security awareness author. Just call on NoticeBored to bootstrap your awareness program, today.

We’ve been told “Security awareness, yes we tried that once - it didn’t work”. The reasons for failure vary but the following are common:

• The ‘awareness program’ in fact consisted of a one-off training course style lecture, typically thrown together as a legal or regulatory compliance activity rather than a value-adding part of the business;
• The lecture, although well meaning, went over the heads of most of the audience and had no lasting impact - most people came away none the wiser and simply returned to their normal (insecure) daily activities;
• The audience had to take time away from the day-job to attend the training(costing the organization money) and many of them resented the intrusion;
• Worst of all, since nobody really knew what the awareness activities were intended to achieve, there was no way to measure the success or otherwise. If awareness is seen as an end in itself, this is typical.

It’s easy to poke fun at the traditional “sheep dip” approach to security awareness but much harder to suggest significant yet pragmatic improvements. NoticeBored represents a genuine alternative, one that is proven to work well.

Your security awareness toolkit

The NoticeBored modules provide not only well-written awareness content specific to each security topic (the raw materials) but also, in a more general sense, the creative communications methods and ideas empowering you to reach out to and engage your colleagues (the toolkit). The posters, presentations, mind maps, briefings and discussion papers, puzzles, checklists, screensavers, case studies, newsletters and mind maps utilize a breadth of awareness, training and educational techniques. The ‘awareness activities’ papers provided in every module suggest new ideas to liven-up your awareness program and spread the good word about information security.

Just as with a carpenters’ toolkit, there are probably a few favorite tools that you will use every month and others that you bring out for particular purposes. You may like, for example, to pick out and circulate some of the awareness materials routinely to employees but make the remainder available on request. It’s good to have something in reserve to encourage people who are keen enough to want more.

Co-sourcing information security

Information security awareness is our specialism - it’s what we do. Meanwhile, our customers continue doing what they do best - in other words a classic co-sourcing arrangement. Drawing on our professional qualifications, focused research and experience, we generate and deliver top quality security awareness materials every month: our customers select and deliver appropriate materials to their employees using existing internal communications mechanisms. We release information security people from the burden of finding and preparing suitable awareness materials, leaving them to focus on what’s important about information security in their local business context, and using their local contacts to deliver the awareness messages. Security awareness generates financial benefits for our customers through reduced risks and improved controls, making the service extremely cost-effective (if you need convincing, take a look at our business case paper).

NoticeBored Classic is a bit like having your own information security consultant on the team but at a fraction of the cost. This is especially valued by our small- to medium-sized customers with over-stretched IT Departments (and that’s just the lucky ones!).

If you are already running a security awareness program, NoticeBored Classic complements and breathes new life into your existing awareness activities. It provides a wealth of fresh content but it’s really up to you how to get the best out of the service. We think you’ll find our passion for the subject infectious. 

Engaging hearts and minds

Through consistent use of the security awareness program logo, the professional writing style and engaging monthly topics, NoticeBored materials build on each other month-by-month forming a recognizable campaign theme (‘branding’). Every NoticeBored Classic document, email, web page, briefing, training session/awareness presentation, case study seminar, poster, quiz and conversation with your audiences reinforces the security awareness brand. 

Communicating consistent messages through a variety of media increases the chance of reaching everybody in your organization, both directly through the NoticeBored materials and indirectly e.g. by stimulating people to talk about information security by the water cooler. This is true multimedia professional communications - not just a few animated cartoon graphics! The point is to get under their skins, to make information security a pervasive element of the corporate culture and motivate employees to Do The Right Thing. We’re talking about building security in to the organization (not just to it’s IT systems).

Direct language, topical news stories and the odd a touch of humor keep the awareness materials relevant, useful and interesting. In line with modern best practice in change management and employee communications, we actively solicit feedback comments and suggestions from employees rather than simply broadcasting at them. Employee participation brings the whole campaign to life. There are organized activities, prize competitions and even crosswords. It might be a deadly serious matter but, handled the right way, information security can even be fun!

Compliance with the ISO/IEC 27000-series Information Security Management Systems standards

Where appropriate, NoticeBored Classic awareness materials refer to the international standard “Code of practice for information security management” ISO/IEC 27002:2005 (formerly known as ISO/IEC 17799 and before that BS 7799 Part 1). NoticeBored Plus takes this a step further by providing a full set of ISO/IEC 27002-compliant policy templates, while our generic information security policy manual is structured and closely aligned with ISO/IEC 27002. This is obviously of direct interest for customers working towards certification against ISO/IEC 27001 and in fact all customers value the sound security advice and international best practices derived from these popular international standards.

It’s now time to tell you about the price. Prepare yourself for a pleasant surprise ...