NoticeBored provides outstanding awareness materials targeting three distinct audiences, written with these specific audiences in mind in terms of the writing style, formats, technical complexity and length.  Below you will find samplers of the NoticeBored materials.

Please remember that, whilst most of these samplers are limited-resolution read-only PDFs, NoticeBored customers receive the original editable MS Word, PowerPoint, Visio and JPG files. 

All the materials in a given monthly module cover the same information security topic whereas some of the samplers here are drawn from different modules.

Each module contains an appropriate range of awareness materials for the three streams, depending on the subject matter - in other words, a given module will include most but not necessarily all of the different types/formats of awareness deliverable shown below.  Check the contents of this month’s module for instance or look at the file listings for previous modules provided in the Back Catalog.

Stream 1: security awareness materials for all employees

• “Train-the-trainer” guides suggest creative internal communications activities for the person or people running the information security awareness program to perform.  We offer fresh ideas every month, ranging from prize draw competitions and security awareness board games to self-phishing and black bag runs.  While others struggle to find the time even to research and write their awareness materials, NoticeBored customers reserve their energies for the delivery and interaction with employees.
• Security awareness seminar presentations cover aspects of the monthly topic that are likely to be of general interest to most people in the organization.  They are straightforward, relatively simple  PowerPoint slides, but with more detailed speaker notes included.  Using little if any technical jargon, the presentations explain the basic aspects of the topic and focus on things employees ought to consider to protect information, both at the office and often at home too.
• Security awareness posters use dramatic photographic images to promote the information security brand in a general sense, raising awareness of each month’s awareness topic in particular.  The posters (normally six different designs per module) are deliberately intriguing and thought-provoking in style with the bare minimum of text and, often, subtle humor.  [The security awareness poster images are also sold separately.]
• Security awareness screensavers are based on images drawn from the presentations, posters etc.  Most modules contain four screensavers.  [Note: please don’t download the sample screensaver if your corporate security policies prohibit running executable code from the Web, and if you do be sure to virus-scan it.  We know it’s benign but do you?]
• Security awareness stickers and bookmarks are simple gimmicks, things to give away as prizes and thank-yous.  The stickers are like miniature posters, designed to catch employees’ eyes while they are wandering aimlessly around the workplace.  The bookmarks include relevant quotations to set people thinking.
• Security guidelines provide a bit of background and context for the procedures and policies.  These normally cover relevant aspects of the monthly topic in a bit more depth and make good desk-drops, handouts for the awareness presentations or content for Information Security’s intranet Security Zone.
• Security procedures are intended as generic templates or models against which to check your own procedures for completeness or, if you don’t have any, as a starting point to write your own.  Each organization has its own unique processes so our procedures may not always suit your organization.
• Security awareness case studies are ideal for team meetings, facilitated seminars, brown-bag lunchtime sessions or as the basis for practical break-out exercises in security training courses.  After describing a scenario, the case study poses a handful of questions to draw out the information security aspects in a class discussion.  Model answers are provided on a separate page to guide the facilitator or trainer, get the discussion going and draw out the key security messages from the case.
• Take home messages aim to summarize the entire month’s topic on one side for staff.  We often use a mind map and a few bullets explaining the key messages.  The sampler includes a cut-out-and-keep credit-card-sized handy reminder slip (catchy name, eh?!).
• Security awareness crosswords give your employees a bit of a challenge to figure out key words associated with the monthly topic.  Have some fun whilst learning information security terms.  Some customers offer prizes for completed crosswords, turning them into awareness competitions.
• Awareness survey forms have a dual purpose: (1) to assess the level of employee security awareness in a simple and non-threatening way, and (2) to gather audience feedback comments and suggestions to improve the program.
• Awareness tests present a handful of multiple-choice questions.  The test questions probe employee’s recall and understanding of key messages on the monthly topic, although some of the answers are decidedly tongue-in-cheek.  Customers are welcome to print and hand out the tests or cut-and-paste them into Information Security’s intranet Security Zone or LMS.  We don’t provide stock answers since each organization may be different, and anyway discussion about the rights and wrongs of a question is itself a worthwhile awareness activity!
• FAQ - Frequently Asked Questions is another succinct one-pager covering the key elements of the topic in a double column question-and-answer format.
• Top tips are succinct one-siders giving brief action-oriented suggestions relating to the topic in a work and home context, respectively.
• The security glossary explains the specialist information security terms commonly associated with each month’s topic.  Many explanations contain terms that are themselves explained further so embedded hyperlinks make the connections easier to follow.
• The NoticeBored managed links collection has a page of annotated links dedicated to each month’s security topic.  We also blog about related news stories etc.  This all brings a sense of reality and immediacy to the subject matter, encouraging interested employees to explore further.

Stream 2: security awareness materials for managers

• Mind maps and diagrams outline the topic, showing relationships between the main elements at a glance.  Stand back for the whole picture or zoom in on the details.  We use mind maps in most of the presentations and supply the original Visio files so customers can adapt and re-use the images in other contexts if they wish.
• The Board agenda raises information security and related governance matters for consideration by the Board of Directors and C-suite executives.  Support for information security from the top table presumes they appreciate the issues, so awareness is important even at this level.  The agenda is a device to stimulate discussion around information security, risk management and governance topics.
• Model information security policies are provided as generic straw-men against which to benchmark your existing corporate policies (if they exist) or to create new ones (if they don’t) relating to the monthly topic.  High level principles (axioms) are supported by more detailed policy statements.  The roles and responsibilities typically associated with each policy are explicitly documented.  [We also sell a set of information security policies and a complete Information Security Policy Manual separately.]
• Management seminar presentations are generally built around diagrams - just a handful of slides covering the topic at a high level but with extensive speaker notes to guide the presenter and optionally to print for use as handouts.
• Elevator pitches pick up on the idea that you’ve found yourself sharing the elevator with the CEO or some other senior manager.  What might you say about the topic, in a nutshell?
• Executive briefings are intended for those with senior managerial or governance responsibilities and a more strategic point of view.  The exec briefings are punchy in style - just a single-side and that gets straight to the point - yet they outline the security topic and key issues for senior managers
• Management briefings are succinct papers for general managers describing the governance, control and oversight/compliance activities that managers should be performing.
• Outline business cases (generic cost-benefit analyses) provide the bare bones financial justification for investment in security controls relating to some topics.
• Model job descriptions lay out the key elements and responsibilities of security-related roles, along with an outline of the ideal candidate’s qualifications, experience, skills and aptitudes.
• Metrics briefings present options to help management measure the performance and suitability of the organization’s security controls relating to the monthly topic.  These include “management confidence metrics” and “process maturity metrics”, as well as more conventional metrics on the operation of security.

Stream 3: security awareness materials for IT professionals

• The newsletters introduce and outline each subject, analyzing the information security risks using topical extracts from the news media to bring the issue to life.  The risk-control spectrum diagram is a feature of recent newsletters and is often used to structure the technical seminar by considering the range of risks relating to the topic and security controls that may be appropriate to address unacceptable risks.
• Technical seminars are great for “lunch-n-learn” or “brown bag sessions”, team meetings, to post on your Security Zone or to share with the IT department and power users by email.  Speaker notes are included.  These are security awareness materials, not in-depth training courses, but they may form a suitable platform on which to build more detailed technical courses.
• Technical briefings describe the security controls normally used to reduce the risks identified in the newsletter.  These naturally emphasize technical controls for the IT audience but usually mention other types of controls as well to promote a more balanced approach.
• Internal Control Questionnaires (controls review/audit checklists) provide the starting point for a structured review of your organization’s information security controls against policies, applicable laws, regulations and contracts, and best practice standards such as ISO/IEC 27002.  [A set of more than 30 ICQs is on sale separately.]

Constant innovation and product development drives us to introduce new types or formats of awareness material from time to time.  We are always open to good new ideas so if there is a particular type or format of awareness material that you think we ought to include, or if you have improvement suggestions for those already in the mix, please do let us know.  You might even earn yourself a freebie!

Whilst you review the samples, have a think about how you might make use of NoticeBored to drive your security awareness program.

Ready to evaluate NoticeBored?

If you like the look of the samples and would like to take things further, why not ask us for a product evaluation ?  We’ll send you a full set of materials from a single NoticeBored module delivered to customers within the past year.  That way, you’ll experience the breadth and quality, and appreciate how all the materials hang together and reinforce each other.  We will give you the opportunity to demonstrate NoticeBored to your management, and time to think through how you will actually use it to drive your information security awareness program to new heights.

Copyright © 2012  IsecT Ltd.