 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
We are setting the benchmark in security awareness. NoticeBored is unconventional, unlike other “awareness solutions” on the market, making it tricky to weigh up NoticeBored against more traditional (some would say old fashioned!) approaches.
The simplest way to explain the originality that characterizes NoticeBored and differentiates it from run-of-the-mill competing products is to compare them side by side:
|
Traditional approach |
NoticeBored |
|
Inform staff through an annual, formal corporate communications session |
Inform and motivate staff and managers through multiple formal and informal communications channels running in parallel year-round |
|
Stick some corny eye-candy posters on staff noticeboards ... and leave them up indefinitely |
Circulate fresh awareness information every month in a range of formats so there’s always something new and interesting to read and absorb |
|
Get the go ahead, develop the awareness materials and eventually launch the awareness program with a bang ... but then quickly run out of steam |
Launch the program today! Quickly establish a high level of awareness and keep it rolling forward indefinitely, drawing on a stream of creative energy |
|
Cover too many issues at once, mostly at a rather superficial level due to time constraints |
Stick to a single, relevant information security topic each month, seizing the opportunity go into more depth as appropriate to each audience |
|
Stick to the basics such as viruses and passwords |
Cover about 30 topics from different perspectives, reflecting current security risks/incidents and topical news stories |
|
Broadcast management edicts and security instructions at staff |
Encourage feedback and interaction from employees and engage them by treating them as sentient human beings rather than mere information receptacles |
|
Deliver a random assortment of sometimes contradictory messages |
Through branding, integrate all the awareness materials into a coherent, consistent and instantly recognizable longitudinal campaign theme |
|
Think of “raised security awareness” |
Understand that security awareness is merely a step on the way to the genuine behavioral and cultural changes that will cut risks and reduce losses |
|
Tell staff to comply with “the rules” for information security as defined by management “or else” |
Help everyone (managers, staff and IT professionals) understand their respective security obligations; offer practical and relevant guidance in their own terms and familiar language |
|
Try to sack those who break the rules, but run into trouble with the lawyers or unions because “the rules weren’t clear” |
Ensure that everyone is aware of and understands their obligations; make people personally accountable for their actions |
|
Send staff away on security training courses and awareness sessions with no follow-up support |
Raise security awareness without interrupting normal work; encourage people to seek out further information (more pull than push) |
|
Be boring, tedious, generally ignored |
Be creative, interesting, engaging, fun |
|
Communicate either in a formal, stuffy and stilted style, or else a superficial, rather offhand style using childish cartoon graphics and weak jokes |
Use a full range of formal and informal communications styles and methods to suit the various adult audiences and messages, maintaining a professional business-like approach throughout |
|
Use IT Security Managers (if they have the time and competence) or technical authors (trained to write technical manuals in a technical style) to write information security materials |
Draw on a stream of high quality security awareness materials written to a consistent ‘camera ready’ standard of quality by well-qualified and experienced professional security awareness specialists |
|
Aim the security awareness materials squarely at “end users” (meaning IT users), more-or-less completely ignoring other audience groups |
Engage PEOPLE: staff, managers and technologists, including non-IT users, through an inclusive program giving appropriate information and guidance to suit each group’s needs |
|
Cover just the essentials - the bare minimum requirements only |
Cover the basics thoroughly, adding topical information security, governance, information risk and related subjects, aligned overall with the |
|
Blindly hope that awareness messages |
Measure the level of awareness objectively each month through awareness surveys and tests, and then use the data to improve the awareness program month-by-month |
|
Promise quick results from the awareness program and disappoint management when things don’t suddenly improve in just a few short months |
Anticipate a gradual but deep-rooted genuine cultural change taking around 18-36 months; lead management on the same journey. |
|
Pick someone junior from Information Security or Training to design and run the program, |
Draw on the professional expertise and energy of dedicated information security awareness specialists at low cost with zero management overhead |
|
Run the program purely as an internal IT activity, making the best of limited |
Tap into the resources of IsecT, the wider NoticeBored community and other parts of the organization e.g. HR, Risk Management, Compliance and Legal |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
In relation to setting the benchmark, some of our inventions, including ideas that have been central to NoticeBored since its launch in 2003, have mysteriously found their way into competitors’ awareness products. They say imitation is the sincerest form of flattery, so we consider ourselves duly flattered. Nevertheless, at NoticeBored we prefer to lead rather than be led. We don’t follow trends so much as set them. Originality and quality will always define our products and differentiate us from the pack. We continue to innovate at every opportunity, frequently introducing new awareness topics and different types of engaging and creative awareness material. If you have an usual security awareness idea, do get in touch. Together, we can bring good ideas to life.
We have shown you what NoticeBored is, what it can do for you and what makes it different from the rest. Read a summary of the benefits on the next page.
Copyright © 2010 IsecT Ltd.