Unless you actually meant to call up the NoticeBored site map, you have probably just followed a dud hyperlink. This is an actively managed website that changes every week, often several times a day. The page you were seeking is probably still lurking here somewhere ... look through the pages listed below, start over at the home page or else try searching for it:

Search NoticeBored.com

Home

Where the heart is.

About NoticeBored

This section introduces and explains the NoticeBored services and products:

• About NoticeBored Classic Information on the original NoticeBored security awareness content-only service
• Product Data Sheet on NB Classic - summarizes the features
• NoticeBored Classic features - what are the main elements of the service?
• NoticeBored Classic audiences - describes the three target audiences for which the awareness materials are individually written
• NoticeBored Classic modules - outlines the information security topics covered by our monthly awareness modules
• NoticeBored Classic samples - samples of the NoticeBored Classic awareness materials typically delivered in the monthly modules
• Using NoticeBored Classic - explains how customers typically download and use the awareness content
• NoticeBored is unique! - a side-by-side comparison contrasts NoticeBored Classic’s innovative approach with a typical more conventional security awareness program
• NoticeBored Classic benefits - what will NoticeBored do for your organization?
• NoticeBored Classic price - NoticeBored Classic is the most cost-effective information security enhancement with prices starting at less than the cost of a single cup of coffee, per person, per year!
• NoticeBored customers - what does a typical NoticeBored customer look like? If you can see a pattern , do let us know!
• NoticeBored Classic back catalog - license all the prior modules in one go to supercharge your security awareness program and set it off to a flying start

NoticeBored Classic this month

Read about April’s NoticeBored Classic security awareness module on trust, integrity and IT fraud.

NoticeBored Classic induction module

A special security awareness module covering the basics of information security for use in security induction classes, and to help new customers launch their security awareness programs. Last updated in October 2006.

NoticeBored posters

New security awareness posters are supplied to NoticeBored customers electronically every month as high resolution image files. The awareness posters help to promote the month’s information security topic and are, of course, supported by the remaining awareness materials.



 

Information security policy manual

 Faced with the need for information security policies, it is tempting just to write a few policies covering the most obvious “security issues” and ignore the rest. A more professional approach involves assessing the organization’s information security risks and developing a comprehensive policy manual, systematically addressing all the material risks. Our generic security policy manual is a cost-effective way to document best practice information security controls, using ISO/IEC 27002:2005 as a basis.

NoticeBored blog and links archive

 The NoticeBored blog is a conventional weblog. New entries are added most days, especially when we add interesting new links to the links collection.

 The diary page lists the awareness topics we have covered to date (see below) with a forward view of those due in the next quarter. Links from the respective monthly entries take you to our corresponding pages in our managed collection of hyperlinks accompanying each security awareness module. Please tell us about broken links or suggest a link. 

• Accountability, responsibility and related links
• Audit links
• Authentication links
• Awareness links
• Bugs! links
• Change management links
• Compliance links
• Confidentiality links
• Contingency planning links
• Database security links
• Email security links
• Fraud links
• Governance links
• Hacking links
• Identity theft links
• Incident management links
• Induction course links (general information security)
• Insider threat links
• Integrity links
• Intellectual Property Rights IPR links
• IT Operations links
• Malware links
• Management of information security links
• Mobile computing and teleworking links
• Network security links
• Office security links
• Physical IT security links
• Privacy and data protection links
• Risk management links
• Secure development / security-SDLC integration links
• Social engineering links
• Third party security links
• Trade secret links
• Trust links

Book reviews

We have read these books mostly in the course of researching the security awareness modules and share the reviews here for the benefit of customers and other keen readers.

• Computer security - 20 things every employee should know - a handy little security booklet, useful as part of a security awareness program
• Computer Security for the Home and Small Office - security advice for the Small Office/Home Office owner
• Corporate Espionage - Ira Winkler’s first book, a good read some ten years after it was published if you can find a copy
• Enemy at the water cooler - we wished we hadn’t bought this ESM sales pitch but ESM customers and vendors evidently like it
• Google hacking - combined penetration tester’s technical manual and security manager’s horror story. 
• IDEO books on innovation - a pair of books by one of the owners of design company IDEO reveal their creative techniques
• Information security awareness - a rather academic book with some value to information security awareness professionals
• Insider threat - a disappointing treatise on such an important topic
• IT Governance 3^rd edition - a comprehensive guidebook to accompany ISO 17799 (BS 7799, ISO 27001/2) implementations
• IT Governance - an academic book with lasting value to practitioners
• Know Your Enemy - the honeynet bible
• Lessons Learned in Software Testing - recommended reading for thinking people involved in testing application systems
• Managing an information security and privacy awareness and training program - at last! A security awareness book we are happy to recommend unreservedly
• Net Crimes & Misdemeanors - a good security awareness book for naive net users
• Phishing - cutting the identity theft line - more than just phishing, this book covers identity theft, criminal hacking and malware
• Spies Among Us - an eminently readable and useful book covering industrial espionage, hacking and social engineering
• Spreadsheet check and control - highly recommended for spreadsheet users, their managers, governance specialists, auditors and regulators
• The Art of Deception - our review of Kevin Mitnick’s fascinating first book
• The CISO Handbook - full of practical guidance and advice for those tasked by management with ‘fixing information security’
• The Insider - a extensive but somehow disappointing collection of journalistic pieces on corporate espionage cases
• You Are A Loser - a useful source of security case studies for your awareness program
• Zen and the Art of Information Security - a superficial introduction to the field for non-experts

Freebies!

• 2008 security awareness calendar - our favorite twelve awareness images originally delivered to customers in 2007 as posters, now recycled into a 2008 calendar. An environmentally-friendly security awareness message
• Creating a security culture - purely raising awareness is not an end in itself!
• 7 myths about security metrics - discusses the key choices when designing a system to measure and report on information security
• 7 steps to security awareness - hints and tips on the process of planning and initiating an awareness programDatacenter security - white paper on physical and environmental security considerations for corporate datacenters
• Building a security culture - a short piece about the need to incorporate information security into your corporate culture
• Business case for an information security awareness program - a generic paper expounds the cost -benefit argument. Useful ideas for your own budget or investment proposal perhaps?
• Data center physical security - tips for securing physical access and environmental services for datacenters
• Human factors in information security - a white paper explains why information security is so reliant on people, not just technology
• ISO/IEC 27001/2 - explains how NoticeBored relates to ISO/IEC 27001 and 27002, the ISO/IEC international standards for Information Security Management Systems
• NoticeBored newsletters - if you like the look of the previous six issues (downloadable from the diary and blog page), sign up here for a free monthly subscription to get the very latest edition in your inbox at the start of every month
• Phishing alert - note about the continuing phenomenon of phishing email scams, plus four free awareness posters
• State of IT auditing in 2007 - an article published by EDPACS
• Why do we need information security awareness? - because people like you and me are the weakest links. Numerous quotes and reasoned analysis support the need for awareness

Contact us

Contact details with a feedback/information request form. Get in touch with us if you would like to evaluate NoticeBored Classic or NoticeBored Plus:

• Submit a link - suggest your favorite Internet security resources to add to our managed hyperlinks collection
• Copyright notice and disclaimer - describes how we protect our own intellectual property against theft and plagiarism, plus a legal disclaimer about using the information we supply
• Privacy policy summary - any personal details you submit to us are confidential
• Privacy policy detail - more info if you are still concerned, verging on truly paranoid

About IsecT

Briefly describes IsecT Ltd’s professional information security credentials (there’s lots more information on IsecT’s own website)

• Meet us - your chance to meet those behind NoticeBored face-to-face.

What’s new

• As this is a dynamic website, we keep a history of significant changes. If you can’t afford the time to hunt our site for the “new” and “changed” pointers, simply bookmark the what’s new page and visit when you can to keep up with any major developments. If you have the slack time and interest for browsing or research, we update the weblog and links collection with news stories and new links, respectively, most days. Come back soon!

Secret bonus level

As a public service for our fellow CISSPs and SSCPs, we maintain the Unofficial CISSP Forum FAQ. The forum is said by some to be the principal benefit of the CISSP qualification but shhhh, don’t tell anyone, eh? It’s our dirty little secret.