 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
Build security in to your corporate culture
Information security should be there from every employee’s first day with the organization until their last. In other words, security should be an integral part of your corporate culture - ‘the way we do things here’. The fundamental purpose of induction or orientation training is to bring new employees quickly up to a basic level of understanding in their new environment. New recruits must be informed about their information security obligations (as laid out in laws, regulations, policies and working practices) and motivated to comply.
Information Security 101 - a basic security awareness module for security induction/orientation training
NoticeBored’s Information Security 101 module has a dual purpose in fact: it can be used both for
security induction/orientation training for new employees, and to help launch a new information security awareness program. In both cases, the module gets straight down to brass tacks,
presenting important information and advice to bring everyone quickly up to speed on information security essentials, creating a common if basic starting point of knowledge and understanding.
As with the normal NoticeBored monthly modules, the Information Security 101 module includes a range of security awareness materials suitable for general employees plus two further streams of material written to cater for the special needs of managers and IT professionals. Overall the content is a simpler than the normal monthly modules, however, providing a gentle introduction to the information security rather than focusing on a single security topic in some depth.
 |
Information Security 101 contents
Stream A: Basic security awareness materials for general employees
1. Information Security 101 awareness seminar 
The presentation covers the bare essentials of information security and is designed to be presented in less than 20 minutes. While the 11 slides themselves are deliberately simple yet visually appealing with graphics instead of words, more detailed speaker notes are provided to support the presenter and can be printed out for use as audience handouts.
2. Information security awareness program launch seminar
Presentation slides supporting a seminar to help launch your security awareness program. The presentation introduces and explains the purpose and structure of the program in 11 slides, with speaker notes as always . Launch with a bang but don’t stop there: there’s lots more to come!
3. Information security awareness posters x8 
Advertising professionals appreciate the importance of branding and so do we. Launch and promote your new information security awareness program with these full color photographic-style posters provided as high resolution JPG images suitable for professional or desktop printing. Electronic delivery keeps our costs and hence our prices down whilst giving you the flexibility to customize and print off as many posters as you need. Poster thumbnails below:
4. Security awareness screensavers x5 
These screensavers make handy security reminders for new employees’ first few days at work, or to accompany the awareness program launch. As with all the NoticeBored materials, you are welcome to pick one, several or none depending on your requirements. You can also customize the screensaver contents - contact us for simple instructions.
-
Three screensavers step sequentially through the slides from the three Information Security 101 seminar presentations, items #1, 15 and 22.
-
One steps through the security awareness program launch slides, item #2.
-
One displays the poster images in a random sequence, item #3.
5. Information Security 101 awareness briefing 
A succinct leaflets with the bare minimum of basic information security advice for general employees. Condensing information security to the essentials avoids overloading people with information on their first day at work, whilst introducing them to the breadth of advice available from your Information Security function, CIO and/or IT Help/Service Desk.
6. Information Security 101 top tips
Ten top security tips for employees, plus a mind map for those who prefer pictures to words.
7. Information Security 101 guideline on choosing good passwords
Help employees choose better passwords and keep them secret with these suggestions.
8. Information Security 101 bookmarks
A simple idea: bookmarks with some basic security tips on one side and three apt security quotations on the reverse. Make some cheap but useful freebies to give out on day 1.
9. Information Security 101 crossword
The crossword puzzle revolves around commonplace information security terms. This crossword covers more terms and is larger than the ones we normally supply each month. New employees may need some assistance to solve the crossword - perhaps their new work colleagues would be able to help? We provide the solution too, just in case you’re stuck for answers.
10. Information Security contact card with the ten security commandments
A double-sided but credit-card-sized Word document reminds people of Information Security’s Ten Commandments and has emergency contact information in case of security incidents.
11. Information Security 101 reminder postcard
A simple awareness idea - a postcard to remind employees about their information security obligations a little while after they have completed the induction/orientation training.
12. Information Security 101 security awareness survey form
Use the survey form to assess the level of security awareness of new recruits and get their feedback on the induction process. If you are about to launch your awareness program, a preliminary awareness survey can provide baseline metrics to demonstrate a gradual improvement as your program takes effect.
13. Information Security 101 awareness test
Check that employees understand and can recall the basic security awareness messages included in the module with this quick test. The test questions can also be incorporated into online Learning Management Systems.
14. Information Security 101 glossary
A hypertext document explains information security terminology, the jargon security professionals sometimes take for granted. Ideal for use on Information Security’s Security Zone (see item #29).
15. Information Security 101 hyperlinks collection 
The module contains a link to an HTML page of annotated hyperlinks pointing at general purpose information security resources.
Stream B: Basic security awareness materials for managers
16. Information Security 101 mind maps 
These colorful Visio diagrams give a graphical high-level overview of the key aspects of information security for general employees, managers and IT professionals. The mind maps are used to illustrate several other items in the module.
17. Information Security 101 management seminar
Introduce managers to their basic responsibilities relating to the management direction and control of information security for the organization. 11 PowerPoint slides with speaker notes.
18. Information Security 101 management briefing
A single-sided briefing paper on the basics of information security, intended as an easily-digested take-away from the induction/orientation session or awareness program launch.
19. Information Security 101 top tips for managers
Ten top security tips with a management slant.
20. Model high-level information security policy
An overarching information security policy example based on international security standards ISO/IEC 27001 & 27002, containing 7 key principles and 39 policy axioms. [An extended version of this is on sale separately if you need a more detailed information security policy manual.]
22. Executive briefing on Acceptable Use Policies
Explains the purpose and value of security-related Acceptable Use Policies and Codes of Conduct to senior managers. People often confuse these with plain “policies” but they are more like guidelines in fact.
23. Management briefing on information security metrics
White paper/management briefing paper discusses factors affecting the selection and use of metrics to measure and improve information security. This general paper sets the scene for the topic-based metrics papers provided in the monthly modules.
Stream C: Basic security awareness materials for IT professionals
24. Information Security 101 newsletter
The introductory level NoticeBored newsletter explains how the awareness program is structured and lists the topics that employees can expect to read about in future months.
25. Information Security 101 technical seminar
An introduction to information security basics for IT people who, oddly enough, often seem to lack any training in the fundamentals of security, despite their technical training and IT expertise. 10 PowerPoint slides with speaker notes.
26. Information Security 101 technical briefing
A succinct one-page briefing paper provides IT people with a gentle reminder of their security duties to take away from their first day at work.
27. Information Security 101 top tips
Ten semi-technical but eminently practical security tips for technologists. One side, short and sweet.
28. Information Security 101 awareness program activities ( S T A R T H E R E !)
This 10-page paper offers detailed guidance on using the awareness materials as part of your induction/orientation process, or to launch a new security awareness program. It includes creative ideas for communicating effectively with new recruits, putting information security in a positive light from day one, and a structured “menu” of prizes, gifts and trinkets to help promote information security through competitions, prize draws and other creative security awareness activities.
29. Design specification for “The Security Zone”
Detailed 14-page specification proposes the design for an awareness-focused intranet site for Information Security, drawing on our experiences with numerous Internet and intranet Websites (including this one!). Even if you have an information security site already, the ideas in this paper may suggest improvements to the structure, content and/or utility of the site. Maybe it’s time to refresh and re-launch yours?
30. Information Security 101 technical briefing on baseline security controls
This 4-page paper describes a reasonably comprehensive suite of “baseline” information security controls that would form a decent foundation for a more complete Information Security Management System.
31. Information Security 101 internal controls review checklist
In contrast to crude compliance tick-lists anticipating simple yes/no answers, our 6-page audit-style checklist poses open-ended questions and is primarily intended for use by qualified and competent information security management and audit professionals. Use the checklist to review your basic information security controls quickly as a prelude, perhaps, to an ISO27k ISMS implementation (i.e. a “gap analysis”), or simply to find out how mature your organization is in relation to others.
Information Security 101 module file listing
 |
Buy Information Security 101
Information Security 101 is available at a special price of just US$645*. Please contact us for further details on how to go ahead and purchase it.
Information Security 101 is provided at no extra charge to NoticeBored subscribers - yes, a free bonus!
How to use Information Security 101
While all the awareness materials in Information Security 101 are “camera ready” and finished to a consistently high level of quality, they are necessarily generic. We therefore provide the original editable unlocked files so you can easily make any necessary changes for example:
-
Replacing the NoticeBored logo with your own security awareness logo and where necessary adopting a “house style” through formatting cues such as fonts, heading styles etc. This is a useful way to link all the materials into a single coherent and instantly recognizable program, something marketing professionals consider important elements of “branding”. We apply our own templates to replicate the same NoticeBored look on all the materials, using Word’s styles consistently to make any subsequent styling changes easier;
-
Adding contact details (phone numbers, email addresses, pager numbers, internal mail addresses ...) for your information security people plus colleagues in related functions such as physical/site security, IT, Legal, HR and others, in particular the IT Help/Service Desk commonly used for reporting information security incidents as well as requesting advice on basic security matters;
-
Referring to applicable corporate security or other policies, standards, procedures, guidelines and awareness/guidance materials supplementing those provided in the module. Where appropriate, you may also choose to identify specific legal and regulatory obligations towards privacy, governance etc.;
-
Incorporating other awareness and training content, including pre-existing materials and complementary materials from our competitors and free sources;
-
Adopting the NoticeBored materials into Learning Management Systems, Content Management Systems, security training courses, new employee goody packs and so forth.
Why pay someone else to customize and maintain your security awareness materials for you when you can do it more cheaply and easily yourself, without revealing potentially sensitive details about your organization’s security risk and control requirements to third parties?
* plus 12.5% GST (sales tax) for New Zealand customers
Copyright © 2010 IsecT Ltd.