NoticeBored provides outstanding awareness materials targeting three distinct audiences, written with these specific audiences in mind in terms of the writing style, formats, technical complexity and length.  Below you will find samplers of the NoticeBored materials.

Please remember that, whilst most of these samplers are limited-resolution read-only PDFs, NoticeBored customers receive the original editable MS Word, PowerPoint, Visio and JPG files. 

All the materials in a given monthly module cover the same information security topic whereas some of the samplers here are drawn from different modules.

Each module contains an appropriate range of awareness materials for the three streams, depending on the subject matter - in other words, a given module will include most but not necessarily all of the different types/formats of deliverable shown below.  Check the contents of this month’s module for instance or look at the file listings for previous modules provided in the Back Catalog.

Stream 1: security awareness materials for all employees

• Security awareness posters use dramatic photographic images to promote the information security brand in a general sense, raising awareness of each month’s awareness topic in particular.  The posters (normally six different designs per module) are deliberately intriguing and thought-provoking in style with the bare minimum of text and, often, subtle humor.  [Our security awareness posters are also on sale separately.]
• Security awareness seminar presentations cover aspects of the monthly topic that are likely to be of general interest to most people in the organization.  They are straightforward, relatively simple  PowerPoint slides, but with more detailed speaker notes included.  Using little if any technical jargon, the presentations explain the basic aspects of the topic and focus on things employees ought to consider to protect information, both at the office and often at home too.
• Top tips - customers asked for shorter, more succinct, action-oriented advice for staff on the topic so we responded with this one-side format.
• Security awareness briefings cover relevant aspects of the monthly topic in a bit more depth and make good desk-drops, handouts for the awareness presentations or content for Information Security’s intranet Security Zone.
• Security guidelines provide a bit of background and context for the procedures and policies.
• Security procedures are intended as generic templates or models against which to check your own procedures for completeness or, if you don’t have any, as a starting point to write your own.  Each organization has its own unique processes so our procedures may not always suit your organization.
• Take home messages aim to summarize the entire month’s topic on one side for staff.  We often use a mind map and a few bullets explaining the key messages.  The sampler includes a cut-out-and-keep credit-card-sized handy reminder slip (catchy name, eh?!).
• Security awareness screensavers are based on images drawn from the presentations, posters etc.  Most modules contain four screensavers.  [Note: please don’t download the sample screensaver if your corporate security policies prohibit running executable code from the Web, and if you do be sure to virus-scan it.  We know it’s benign but do you?]
• Security awareness case studies are ideal for team meetings, facilitated seminars, brown-bag lunchtime sessions or as the basis for practical break-out exercises in security training courses.  After describing a scenario, the case study poses a handful of questions to draw out the information security aspects in a class discussion.  Model answers are provided on a separate page to guide the facilitator or trainer, get the discussion going and draw out the key security messages from the case.
• Security awareness stickers are conceptually like miniature posters, designed to catch employees’ eyes while they are wandering aimlessly around the workplace.
• Security awareness crosswords give your employees a bit of a challenge to figure out key words associated with the monthly topic.  Have some fun whilst learning information security terms.  Some customers offer prizes for completed crosswords, turning them into awareness competitions.
• Awareness tests present a handful of multiple-choice questions.  The test questions probe employee’s recall and understanding of key messages on the monthly topic, although some of the answers are decidedly tongue-in-cheek.  Customers are welcome to print and hand out the tests or cut-and-paste them into Information Security’s intranet Security Zone or LMS.  We don’t provide stock answers since each organization may be different, and anyway discussion about the rights and wrongs of a question is itself a worthwhile awareness activity!
• Awareness survey forms have a dual purpose: (1) to assess the level of employee security awareness in a simple and non-threatening way, and (2) to gather audience feedback comments and suggestions to improve the program.
• The security glossary explains the specialist information security terms commonly associated with each month’s topic.  Many explanations contain terms that are themselves explained further so embedded hyperlinks make the connections easier to follow.
• The NoticeBored managed links collection has a page of annotated links dedicated to each month’s security topic.  We also blog and now Tweet about related news stories etc.  This all brings a sense of reality and immediacy to the subject matter, encouraging interested employees to explore further.

Stream 2: security awareness materials for managers

• Mind maps outline the whole topic diagrammatically, showing relationships between the main elements at a glance.  Stand back for the whole picture or zoom in on the details.  We supply the original Visio files so customers can adapt and re-use the mind map images in other contexts if they wish.
• Management briefings are succinct papers for general managers.  Shorter and higher-level executive briefings are intended for those with senior managerial or governance responsibilities and a more strategic point of view.  These briefings are quite punchy in style - usually a single or double-sided leaflet and straight to the point - yet they outline the security topic and describe the corresponding control and oversight/compliance activities that managers should be performing.
• Elevator pitches pick up on the idea that you’ve found yourself sharing the elevator with the CEO or some other senior manager.  What might you say about the topic, in a nutshell?
• Management presentations are generally built around the mind maps to avoid ‘death by PowerPoint’ - just a handful of slides covering the topic at a high level but with extensive speaker notes to guide the presenter and optionally to print for use as handouts.
• The innovative NoticeBored Board agenda raises information security and related IT governance matters for consideration by the Board of Directors or C-level executives.  Support from the top table starts with their understanding of the issues.  The agenda is basically a debating device to stimulate discussion around information security, risk management and IT governance topics.
• Model information security policies are provided as generic straw-men against which to benchmark your existing corporate policies (if they exist) or to create new ones (if they don’t) relating to the monthly topic.  High level principles (axioms) are supported by more detailed policy statements.  The roles and responsibilities typically associated with each policy are explicitly documented.  [We also sell a full Information Security Policy Manual separately.]
• Outline business cases (generic cost-benefit analyses) provide the bare bones financial justification for investment in security controls relating to some topics.
• Metrics briefings lay out some options for management to consider setting targets and measuring the performance and suitability of the organization’s Information Security Management System.  We provide “management confidence metrics” and now “maturity metrics”, as well as more conventional tactical metrics on the operation of security.

Stream 3: security awareness materials for IT professionals

• ”Start here” awareness program activities papers suggest creative internal communications activities for the person or people running the information security awareness program to perform.  We offer fresh ideas every month, ranging from prize draw competitions and security awareness board games to ‘self phishing’ and ‘black bag runs’.  While others struggle to research and write awareness materials, security awareness professionals armed with NoticeBored have the time to ‘do stuff’.
• You are probably already familiar with the NoticeBored newsletters provided free of charge as PDF files to our mailing list.  These introduce and outline each subject, analyzing the information security risks using topical extracts from the news media to bring the issue to life.  Paying customers receive the same content but in the form of editable MS Word files, allowing them to edit and cut-and-paste relevant sections of text for their internal newsletters etc.
• Technical briefings describe the security controls normally used to reduce the risks identified in the newsletter.  These naturally emphasize technical controls for the IT audience but usually mention other types of controls as well to promote a more balanced approach.
• Technical presentations are great for technical seminars (“brown bag sessions”), team meetings, to post on your Security Zone or to share with the IT department and power users by email.  Speaker notes are included.  These are security awareness materials, not in-depth training courses, but they may form a suitable platform on which to build more detailed technical courses.
• Internal Control Questionnaires (controls review/audit checklists) provide the starting point for a structured review of your organization’s information security controls against policies, applicable laws, regulations and contracts, and best practice standards such as ISO/IEC 27002.  [ A set of more than 30 ICQs is now sold separately.]

Constant innovation and product development drives us to introduce new types or formats of awareness material from time to time.  We are always open to good new ideas so if there is a particular type or format of awareness material that you think we ought to include, or if you have improvement suggestions for those already in the mix, please do let us know.  You might even earn yourself a freebie!

Whilst you review the samples, have a think about how you might make use of NoticeBored to drive your security awareness program.

Ready to evaluate NoticeBored?

If you like the look of the samples and would like to take things further, why not ask us for a product evaluation ?  We’ll send you a full set of materials from a single NoticeBored module delivered to customers within the past year.  That way, you’ll experience the breadth and quality, and appreciate how all the materials hang together and reinforce each other.  We will give you the opportunity to demonstrate NoticeBored to your management, and time to think through how you will actually use it to drive your information security awareness program to new heights.

Copyright © 2010  IsecT Ltd.