NoticeBored sample materials
Below are samplers of the NoticeBored awareness materials. Whereas the samplers are mostly read-only Adobe Acrobat PDF files,
subscribers receive the original editable MS Word, PowerPoint, Visio and high-res JPG files.
We provide editable materials to encourage subscribers to customize them to suit their circumstances. We also deliver a substantial quantity of fresh content each month
(typically around 50 Mb), and cover a wide range of topics (more than 60) - probably far too much for any single
organization but we are supporting subscribers whose security awareness programs are at different stages of maturity.
Each module contains an appropriate range of awareness materials depending on the subject matter, hence a given module will include most but not necessarily all of the different types/formats shown below. Check what is provided in this month’s module for instance.
Stream A: security awareness materials for staff (everyone in fact)
suggest creative activities for those running the security awareness program. We offer fresh ideas every month,
ranging from prize draw competitions and security awareness board games to self-phishing and black bag runs. Freed from the burden of
researching and preparing the materials, subscribers focus on interacting with employees - the fun part of the job.
Security awareness seminar presentations
cover aspects of the monthly topic that are likely to be of general interest to most people in the
organization. They are straightforward, relatively simple and mostly graphical PowerPoint slides plus written speaker notes. With minimal
technical jargon, the presentations explain the basic aspects of the topic and focus on things employees should do to protect information, both at the office and often at home too.
Security awareness posters
use dramatic photographic images to promote the information security brand in a general sense, raising
awareness of each month’s awareness topic in particular. The high-resolution poster graphics (normally six per module) are deliberately
intriguing and visually stimulating with subtle touches of humor.
Security briefings and guidelines
provide background and context for the procedures, policies, seminars and case studies. They make good
desk-drops, handouts for the awareness presentations and content for the intranet Security Zone.
Scam alerts
describe particular types of scam or threat, offering simple advice on how to avoid becoming a victim. [These aren’t
appropriate for every module. For the malware module, we delivered five of them.]
are generic templates or models to customize and adapt, or compare and contrast to your own.
are ideal for team meetings, facilitated seminars, brown-bag lunchtime sessions or as the basis for practical break-out
exercises in seminars, workshops and training courses. After describing a scenario, the case study poses a handful of questions regarding the
information security aspects for class discussion. Model answers are provided on a separate page to guide the facilitator or trainer, get the
discussion going and draw out the key security messages from the case.
present the challenge of finding the specialist words associated with the monthly topic, hidden in plain sight on a grid. A
fun way to expand your security vocabulary.
have a dual purpose: (1) to assess the level of employee security awareness in a simple and non-threatening way,
providing basic metrics concerning the awareness program, and (2) to gather audience feedback comments and suggestions to improve the program.
present a handful of multiple-choice questions to test recall and understanding of key messages on the monthly topic.
Deliver the tests on paper or cut-and-paste them into Information Security's intranet Security Zone
or Learning Management System.
are deliberately open-ended challenges designed to encourage creative thinking, free-flowing discussion and most of all fun
- not a word normally associated with information security. ‘Model answers’ help get the laughter flowing, if needed.
Information risk and security glossary
is a living document that gets revised and expanded every month, defining more than 2,000 terms so
far. Any specialist terms in the definitions are hyperlinked to their corresponding definitions, making it easy to follow a train of thought and
enjoy the learning process, much like browsing a thesaurus. [The glossary for the malware module was trimmed down to only cover malware
terms: usually, we provide the entire 300-page glossary with terms relevant to the monthly topic picked out in red.]
Stream B: security awareness materials for management
Mind maps and diagrams
outline the topic, showing relationships between the main elements at a glance. Stand back for the whole picture or
zoom-in on the details. We use the mind maps and diagrams to illustrate many of the awareness presentations and briefings. We supply the
original Visio files so that subscribers can adapt and re-use the images in other contexts if they wish.
raise information security and related governance matters for consideration by the Board of Directors and C-suite executives.
Support for information security from the top table presumes they appreciate the issues, so awareness is important even at this level. The
agenda is a device to stimulate discussion around information security, risk management and governance topics.
Model information security policies
are provided as generic straw-men against which to benchmark your existing corporate policies (if they
exist) or to create new ones (if they don’t). High level principles (axioms) are supported by more detailed policy statements. The roles and
responsibilities typically associated with each policy are explicitly documented. [We also offer a full set of information security policies
are highly visual slides covering the topic at a high level, accompanied by extensive speaker notes to guide the
presenter and optionally to print for use as handouts. We favor interesting diagrams, mind maps and news clippings over death-by-PowerPoint - the dreaded wordy blocks or bullet point slides.
imagine that you’re sharing an elevator ride with an executive who asks “How’s things?”. Given an awareness opportunity
lasting just a minute or so, what would you say about the monthly topic? This is the helicopter view of the topic in about 150 words.
are intended for those with senior managerial or governance responsibilities and a strategic perspective. The exec
briefings are punchy - a single side that gets straight to the point - yet they outline the security topic and key issues for senior managers.
are lengthier but still succinct, down-to-earth papers emphasizing relevant governance, risk, control and
oversight/compliance aspects of concern to general managers.
Model job descriptions
lay out the key elements and responsibilities of security-related roles along with an outline of the ideal candidate’s
qualifications and experience, and competencies (skills and aptitudes) in the style of single-page vacancy notices. Use these templates to justify
the positions to management and build your own roles descriptions or advertisements.
describe how to monitor, measure and systematically improve information risk and security relating to the monthly topic.
As with the other deliverables, these could simply be adopted in the form supplied but they are primarily intended for awareness purposes, to
stimulate discussion with management around the topic area in the business context.
Stream C: security awareness materials for professionals/specialists
introduce and outline the subject area using topical extracts from the news media to bring the issue to life by exploring the
are great for “lunch-n-learn” or “brown bag sessions”, team meetings, to post on your intranet Security Zone
or to share with the IT department, power users and other professionals or specialists by email. While the slides are mostly graphical, written speaker notes are provided for additional information.
go into more detail on information risk and security issues. For a balanced approach, they usually cover non-technical
as well as technical aspects.
Internal Control Questionnaires
are checklists providing the starting point for a structured review of your organization’s information security
controls against policies, applicable laws, regulations and contracts, standards such as ISO/IEC 27002, and general good practices. Share them
with your IT auditors or use them yourself: it’s your choice.
* Note: use View - Comments in Acrobat to see the speaker notes accompanying the seminar slides. In PowerPoint, the slides are normally projected
onto a presentation screen for the main audience while the seminar leader sees the slides and the notes on the laptop screen in presenter view. The
slides are highly visual with relatively few words. The accompanying speaker notes explain the slides, drawing out the main points, but they are
interpreted and expressed live by the presenter, rather than expecting the audience to read tedious bullet point lists or paragraphs of dry text on the screen.
These samples are mostly read-only PDF files. If you would prefer to check out the editable MS Office files originally supplied to subscribers, ask us for a
complete evaluation module.