NoticeBored Plus product data sheet


February 2008


Introduction

This product data sheet explains what NoticeBored Plus is, how it works and how to use it.


NoticeBored Plus - the smart way to manage information security

NoticeBored Plus combines the award-winning SecureAware Information Security Management System (ISMS) from IsecT’s software partners, Neupart, with IsecT’s own pioneering security awareness service, NoticeBored Classic.

About SecureAware ISMS

Running on the corporate intranet or hosted externally on the Internet, the SecureAware ISMS software makes a structured and comprehensive set of information security policies and materials available to your employees and provides the information security manager with the tools to manage them.

SecureAware ISMS incorporates a specialized Learning Management System (LMS) specifically designed for information security policy education, awareness, training and testing. The SecureAware ISMS software gives employees ready access to your information security policies, standards, guidelines etc. plus the associated awareness and training utilities. Furthermore, the system facilitates and supports common information security management activities such as assessing information security risks, maintaining the policies and measuring compliance. 

The SecureAware ISMS system is supplied with a range of pre-written best practice policies to get you started. A comprehensive set of information security policy templates based on ISO/IEC 27002 can be used as the basis for your information security policy manual, provide additional policy statements to supplement your existing manual, or be completely replaced with your own policy materials - it’s your choice.

In addition to making security policies available to employees, the system incorporates facilities for you to build education programs including eLearning training modules and security awareness tests. Ten information security lessons are provided to educate computer users on the basics of information security, supplemented by the NoticeBored Classic modules (see below).

The user interface is intuitive and professionally presented as a conventional web portal. It is easy both to use and to maintain. Furthermore, by using the system to publish and link to relevant NoticeBored Classic security awareness materials, employees are encouraged to visit Information Security’s intranet site more often, thereby keeping up with policy changes and becoming more familiar with their information security obligations as a whole.

About NoticeBored Classic

NoticeBored Classic provides a continuous stream of awareness materials covering a fresh information security topic each month. The NoticeBored Classic awareness modules provide awareness posters, briefing papers, seminar/presentation slides and other creative materials supporting an absorbing and engaging security awareness program. Working in conjunction with SecureAware ISMS, this comprehensive rolling approach to information security awareness promotes a genuine security culture.

Please note: this product data sheet primarily describes SecureAware ISMS. For further information on NoticeBored Classic, please look here or check the separate NoticeBored Classic data sheet.

Advantages of NoticeBored Plus

NoticeBored Plus maximizes the productivity of busy information security managers and other IT professionals, providing ISO/IEC-based best practice security policies to help launch your ISMS quickly and the management tools to maximize their value thereafter.

A comprehensive, integrated Information Security Management System

SecureAware ISMS is an active security management system, not just a static information repository. The core elements of an ISMS are supported through SecureAware’s five tightly-integrated software modules:

  1. The risk module is a unique tool for commercial businesses, government agencies and other organizations. It provides an easy-to-use framework that guides you efficiently through the high level information security risk assessment and detailed risk analysis processes. The outcome (an overview of your information security risks with a deeper understanding of key risks and information assets), lets you focus on securing your organization.
  2. The policy module is used to define, manage and deploy your information security policies, standards, procedures etc. addressing the identified risks.  If you wish, you can manage multiple standards (e.g. ISO/IEC, NIST, FISMA, PCI, custom policy frameworks etc.) consistently with the one ISMS.  Through explicit security policies, management clarifies the information security controls necessary to address the identified risks. In other words, management defines and mandates the organization’s security rules.
  3. Using the education module, the security manager sets up structured training sessions for users based directly on the organization’s policy rules and good security practices. Employees learn about, explore and come to understand the policies.
  4. The survey module provides a mechanism to check and demonstrate that employees are not only aware of the rules but actually comprehend them.  This motivates employees to learn more and provides feedback on progress to management. Employees become engaged with and support the framework of security controls.
  5. Finally, the compliance module helps management keep tabs on the security controls actually in operation. The checklist prompts users systematically to confirm the status of the controls against the requirements of ISO/IEC 27001/2. Management becomes more confident with the organization’s security stance as the compliance status improves over time.

The five modules share a common database of security rules and parameters. Rules defined or changed through the policy module are automatically referenced/updated in the other modules, keeping the whole ISMS internally consistent with minimal effort.

ISO/IEC 27001/2 implementation and compliance

NoticeBored Plus is particularly suited to organizations using the best practice security standards ISO/IEC 27001 and 27002. ’27002, the international standard Code of Practice for Information Security Management, requires management to define the policy framework and controls necessary to manage identified information security risks. ’27001, the accompanying certification standard, specifies the ISMS needed to structure and drive the associated activities as an ongoing management process.

NoticeBored Plus satisfies the ISO/IEC requirements for security awareness, supporting the implementation of ISO/IEC 27002 and compliance with or certification against ISO/IEC 27001 at all key stages:

  • The SecureAware ISMS system supports and documents risk analysis activities undertaken in defining your ISO/IEC 27001 Statement of Applicability and classifying your information assets;
  • Generic ISO/IEC 27002-based policy templates (suitable for organizations with high, medium or low security requirements) are pre-installed and ready to customize. Alternatively, you can replace them with your own security policies. You are free to adapt the specific controls to suit your organization’s unique information security risk management needs;
  • The flexible SecureAware ISMS software enables you to tailor and disseminate security policies, standards and other awareness materials, including those provided each month by NoticeBored Classic. Security awareness/education activities such as training lessons and screensavers can be created and where applicable linked directly to the policies;
  • Compliance checklists reflecting the latest releases of ISO/IEC 27001 and 27002 ask questions about specific controls and implementation guidelines. “Compliant”, “Partially compliant”, “Not compliant” or “Irrelevant” are accepted responses, supplemented by notes or references to related documentation and expected compliance dates. The system then creates PDF reports with executive summaries and details of the compliance status.

By integrating security policy management with education and awareness activities, NoticeBored Plus substantially improves compliance. It leverages the information security manager’s valuable expertise, time and effort. Better information security leads in turn to bottom-line savings by reducing costly incidents and is a business enabler.

Giving you the flexibility of full control

As with the NoticeBored Classic awareness materials, you manage the security policies yourself according to your particular requirements. Straightforward editing tools and intranet publication functions are provided in SecureAware ISMS, avoiding the need for someone else to customize and maintain your ISMS. This approach not only saves you consultancy fees and time but avoids you having to describe sensitive information security requirements explicitly to a third party.

Rôle-based access controls are built in to the system, ensuring that only authorized users can use the SecureAware ISMS functions. The basic installation manages usernames, passwords and access rights through a single database module, although if you prefer to manage SecureAware ISMS users externally, user authentication can be performed by a front-end web server such as Microsoft IIS or using an LDAP provider such as MS Active Directory.

Free up the information security manager’s valuable time

The clever technology inside SecureAware ISMS helps busy information security managers, saving them time and effort for other tasks where they add the most value. Whilst it is possible, for instance, to prepare and distribute new security policies manually, it takes a great deal of effort to ensure that everyone actually reads, understands and uses them. Using NoticeBored Plus, the information security manager can do all this from the comfort of his or her office using the pre-installed policy templates and deliver the associated awareness briefings etc. through the intranet. Smaller customers without the luxury of full-time information security managers find this a real boon. Busy information security managers everywhere value the opportunity to get on with more interesting and worthwhile activities.

Delivers genuine business benefits

NoticeBored Plus helps you secure your organization’s information assets against confidentiality, integrity and availability risks. Comprehensive controls are not only defined in policy but implemented in practice and reinforced through awareness, training and education, directly reducing losses through costly security incidents. Greater trust in the security framework also allows management to pursue new business opportunities more confidently than vulnerable competitors. In this sense, information security is a genuine business enabler and NoticeBored Plus is a highly cost-effective way to secure and improve your business.

The SecureAware ISMS technology

SecureAware ISMS is provided as a complete self-contained application system. The installation package contains fully licensed standard versions of several Open Source components, namely the Java runtime engine, HSQLDB database server, Apache Tomcat web server with servlet engine, and Hibernate for the data access layer. Provided it has a JDBC version 3.0 driver, customers may optionally choose a different back-end database (e.g. MySQL, MS SQL Server or Oracle), either on the same server or separated from it (e.g. on a database cluster).

Thanks to the structured architecture, the back-end database is abstracted from the application and presentation layers through a data access layer on the SecureAware ISMS server, communicating via JDBC 3.0. The supplied HSQLDB database may therefore be replaced by MS SQL Server, MySQL, HSQ, Oracle or other databases that also use JDBC 3.0. The modular architecture brings obvious benefits to the developers and a coherent overall structure.

Prerequisites

SecureAware ISMS itself is a Java application that is fully supported on Microsoft Windows (XP/2000), Windows Server (2000/2003) or Red Hat Linux (version 7 or above). The minimum server hardware requirement for a single portal system is a 3GHz Intel Pentium 4, Xeon or similar CPU with at least 512Mb of RAM and at least 300Mb of free disk space. Additional portals (up to about 10 in a large group or ASP context) may share the same platform, each requiring a further 100Mb of RAM and 50Mb of disk space. Even the minimum configuration should be capable of handling more than 5,000 concurrent user sessions.

As a standard intranet system, virtually any client workstation running a conventional web browser can access it. The minimum client requirements are MS Explorer 5.5 or above, or Firefox version 1 or above.

Other prerequisites are:

  1. Genuine management support for information security. This significantly affects the quality of the ISMS in the long run, hence we consider it a prerequisite not an option;
  2. A few hours up-front work by the information security manager to install and configure the system, complete the risk assessment, select and customize the policy materials etc.;
  3. A few hours a month to maintain the policies and other materials on the system (the amount of time required depends on how stable the organization’s security policies are, but is substantially less than would be required to create and manage the materials manually on the intranet or offline);
  4. Several hours a month to customize and circulate the NoticeBored Classic security awareness materials, field questions about security matters, run briefings, presentations and training sessions etc. Again, the exact amount of effort required depends on your specific situation but we continually research, write and provide high quality creative materials leaving you free to focus on communicating and interacting with your employees.

Licensing, support, maintenance and updates

SecureAware ISMS incorporates a license management function. Licensed NoticeBored Plus customers install their SecureAware license keys to unlock the functionality. The NoticeBored Classic content is protected by copyright and is covered by a legally-binding license agreement.

We do not charge extra for telephone and email support, nor for software maintenance and updates. Major versions of SecureAware ISMS are released approximately once a year with minor updates every three to six months. NoticeBored Classic delivers 12 regular monthly modules in a year. New customers also receive the induction module as a ‘free bonus’ (i.e. in addition to the first of their 12 monthly modules), and we update and re-issue the induction module roughly once a year. Other ‘bonus modules’ may be provided from time to time in response to emerging issues, major incidents etc. but there is no fixed schedule for these.

How to use NoticeBored Plus

The SecureAware ISMS software must first be installed on an intranet server by running the installation program, loading the license file we supply, setting a few straightforward configuration options and setting up user IDs. The information security manager then sets to work on analyzing risks, defining policies, rules, procedures etc. through the management interface. Once the policies, training modules and/or tests are approved, they are published to the intranet and are immediately available to users. Thereafter, the same facilities are used to manage and maintain the materials, ensuring that the intranet system remains a reliable and up-to-date source of security policies, standards, procedures, guidelines etc.

Users log in to the intranet website through their browser screens and are presented with customized views of the policy materials according to their rôles in the organization. Navigating the site through familiar menus, tabs and hyperlinks, users explore the materials and optionally take the online education modules and awareness tests.

Meanwhile, NoticeBored Classic awareness materials may be circulated either online (through the intranet system) or offline (on paper, through briefing sessions, training classes, case-study seminars etc.) to supplement the awareness and training functions within the intranet system. Employees therefore receive consistent messages about their information security obligations from a number of sources, gradually building the organization’s security culture.

How to purchase NoticeBored Plus

NoticeBored Plus is a product of IsecT Limited in conjunction with our software partners, Neupart. Contact us for a firm price quotation. Tell us how many users will access the intranet system and we will quote you a price.

Remember, NoticeBored Classic will be licensed for the same users as the NoticeBored Plus system. If you wish to extend your security awareness program to cover the entire organization, ask us for a discounted price.


Copyright © 2008 IsecT Ltd. and licensors
