NoticeBored’s unique approach

We are well aware that NoticeBored is not your only option. What sets us apart from more traditional approaches to security awareness is that we are setting the benchmark, constantly innovating and finding novel ways to make employees aware, motivating them to change their behaviors, generating a security culture and realizing valuable business benefits. 

Here’s how ...

Compare NoticeBored with more traditional alternatives

Traditional approach

NoticeBored

Either do nothing at all (!), or hold an annual “awareness session” (in reality, a formal lecture at staff by management)

Inform and motivate staff, managers and professionals through multiple formal and informal communications channels and mechanisms running in parallel all-year-round

Stick some corny eye-candy posters on staff noticeboards ... and leave them up indefinitely

Circulate fresh awareness information every month in a range of formats so there’s always something new and interesting to read and absorb

Cover security issues that are so last-year

Pick up on topical news and events as they unfold; find out how to deal with new issues, novel threats and vulnerabilities, as they emerge

Get the go ahead, develop the awareness materials and eventually launch the awareness program with a bang ... but then quickly run out of steam

Launch the program today! Quickly establish a high level of awareness and keep it rolling forward indefinitely, drawing on a ongoing stream of creative energy and impetus

Cover too many issues at once, mostly quite superficially due to time constraints

Stick to a single, relevant information security topic each month, seizing the opportunity go into more depth as appropriate to each audience

Keep to the basics such as viruses and passwords

Cover nearly 50 topics from different perspectives, reflecting current security risks/incidents and topical news stories

Address local/national compliance obligations - no more, no less

Broaden the outlook beyond legal and regulatory compliance to take in good security practices from across the globe plus strategic and tactical objectives from within the corporation, including corporate policy and contractual compliance

Broadcast management edicts and security instructions at staff

Encourage feedback and interaction from employees and engage with them by treating them as sentient beings rather than merely passive recipients of information

Deliver a random assortment of sometimes contradictory messages, written by a variety of authors with differing styles, preconceptions knowledge and objectives

Through quality assurance and branding, integrate all the awareness materials into a coherent, consistent, high quality and instantly recognizable longitudinal campaign theme

Think of “security awareness”as an end in itself

Understand that security awareness is merely a means to an end: the objective is to create genuine behavioral and cultural changes in order to cut costs and increase assurance

Tell staff to comply with “the rules” for information security as defined by management “or else!”

Help everyone (managers, staff and professionals) understand their respective security obligations; explain the security rationale; offer practical and relevant guidance in their own terms and familiar language

Try to sack those who break the rules, but run into trouble with the lawyers or unions because “the rules weren’t clear” or they “aren’t enforced”

Markedly improve security governance; ensure that everyone, at all levels, is aware of and understands their obligations; hold people personally accountable for their actions and inactions

Send staff away on security training courses and awareness sessions with no follow-up support

Raise security awareness without interrupting normal work; encourage people to seek out additional informative resources (as much pull as push)

Be boring, tedious, generally ignored

Be creative, interesting, engaging, novel, relevant, occasionally challenging and provocative - even fun! Laughs permitted!

Communicate either in a formal, stuffy and stilted style, or else a superficial, rather offhand style using childish cartoon graphics and weak jokes

Use a full range of formal and informal communications styles and methods to suit the various adult audiences and messages, maintaining a professional business-like approach throughout

Empploy IT security professionals (if they have the time and competence) or technical authors (trained to write technical manuals in a technical style) at some expense to write information security materials

Share the services of professional authors, well-qualified and experienced professional security awareness specialists, creating security awareness materials to a consistently high quality camera-ready’ standard for a fraction of the cost

Aim the security awareness materials squarely at “end users” (meaning IT users), more-or-less completely ignoring other audiences throughout the organization

Engage people - all employees, not just computer users - through an inclusive program giving appropriate information and guidance to suit their specific needs

Cover just the essentials - the bare minimum requirements only

Cover the basics thoroughly, adding topical information security, governance, information risk, compliance and related subjects

Rely entirely on online training

Supplement online/electronic delivery with a wide variety of awareness activities and methods, exploiting social media and corporate social networking opportunities for face-to-face interactions with information security professionals

 Blindly hope that awareness messages will all sink-in and register

Measure awareness objectively through surveys and tests, using the data to fine-tune the awareness program month-by-month

Promise quick results from the awareness program and disappoint management when things don’t suddenly improve in just a few short months

Anticipate that genuine cultural change is a slow process; lead management and staff on the same journey

Pick someone junior from Information Security or Training to design and run the program, or “get someone in”

Draw on the professional expertise and energy of experienced security awareness specialists without the overheads and costs of recruiting, employing and managing them

Run the program purely as an internal IT activity involving limited in-house skills and resources

Tap into the resources of all parts of the organization e.g. Information Security, Site Security, HR, Risk Management, Audit, Legal and Compliance; treat information security as first and foremost a business issue, not limited to technology or IT

We don't follow trends - we set themIn relation to setting the benchmark , some but not all of our inventions, including concepts that have been central to NoticeBored for more than a decade, have since mysteriously found their way into competitors’ offerings. They say imitation is the sincerest form of flattery, so we consider ourselves duly flattered! Nevertheless, we prefer to lead than to be led. We don’t follow industry trends so much as set them. Originality and quality will always define our products and differentiate us from the pack. We continue to innovate at every opportunity, frequently introducing new awareness topics and different types of engaging and creative awareness material. If you have a novel or unusual security awareness idea, do get in touch. Together, we can bring good ideas to fruition.

HomeAbout NBWhat we achieve together > Unique >

Copyright © 2017 IsecT Ltd.