The links collection and blog are not the only pages that change often on this site.  As you’ll see from the history below, both our products and this website are constantly evolving.  We are proud of our record of innovation, continuously finding new ways to make information security more interesting, engaging and hence effective.  Check this page often to keep up with developments and by all means get in touch if you have creative input and product improvement suggestions that would help us retain our edge in this competitive market.  Take the lead with NoticeBored and help us leave our competitors for dust.

February - BYOD security

We released a brand new security awareness module on Bring Your Own Device, covering the use of personal ICT devices such as laptops, tablets and smartphones for work purposes.

January 2012 - business continuity

The awareness materials on business continuity covered disaster avoidance, resilience, recovery and contingency, going well beyond ISO/IEC 27002’s rather basic coverage.

December - network security

Network security awareness module refreshed, updated and expanded once more.  The older NoticeBored modules which are showing their age have now been retired and put out to grass.

November - credentials

Protecting passwords and passes sums up the focus of November’s awareness materials on the security credentials used for identification and authentication.  We released a set of topic-based information security policies aimed at general employees, and restructured the security policy pages accordingly, splitting out the policy FAQ.

October - privacy

Privacy considerations go beyond information security into areas such as business ethics and compliance.  The privacy module covers all angles - like the CCTV camera in one of the posters.

September - human side of information security

Awareness module covered the human aspects of information security concerning humans as both threats and vulnerabilities e.g. social engineering and social networking.  We also uploaded a fresh set of sample awareness materials.

August - learning from information security incidents

Another new security awareness topic, refining and extending our previous coverage of incident management to focus on learning from incidents experienced by the organization itself, or by others.

July - information protection

Awareness module covers information asset ownership, accountability for security, classification and baseline security.  Updated the NoticeBored product data sheet, information flyer and tri-fold product summary.

June - electronic messaging security

A lot of social interaction today occurs by means of electronic messaging such as email, IM and SMS/TXT, while organizations are increasingly adopting person-to-person messaging into their business processes for internal and/or external communications.  Availability is clearly an issue, but so too are integrity and confidentiality.

May - database security

Databases are at the heart of most business systems, hence database security incidents strike right at the heart of the business.  While conventional security awareness programs are unlikely to cover databases specifically, NoticeBored leads where others follow.  We know it’s an important awareness topic.  The trick is to be creative about covering it so as to engage employees.

April - cloud computing

A brand new awareness module covered the security aspects of cloud computing and virtualization, taking our list of security topics covered by the NoticeBored program up to 35.

March - malawareness

The malawareness module covered viruses, worms, Trojans, crimeware, rootkits, spyware and more.  We also reviewed the new second edition of Rebecca Herold’s excellent book on security awareness.

February - Intellectual Property Rights (IPR)

The February module covered IPR including copyright, patents, trademarks and contractual clauses.  Another massive quake in Christchurch merited a paragraph on disaster planning and an appeal for donations.

January 2011 - physical security

We started the new year with a module on protecting tangible information assets against physical risks including a new regular awareness deliverable - a ‘risk-control spectrum’ diagram.  Updated the Information Security 101 new employee security induction/orientation and awareness program launch module with 4 new items and refreshed all the others.  Introduced a 5-page model Corporate Information Security Policy to complement the existing ~150 page model Information Security Policy Manual.  Reviewed a good Information Security Governance book.

2010

We introduced a new regular awareness deliverable - the FAQ.

Topics covered in 2010: business continuity, social engineering, security compliance, wireless security, industrial espionage,  human aspects of information security, incident management, identity theft, network & Internet security, malware, cryptography and secure software development.

Books reviewed: Johnny Long’s No Tech Hacking, Krag Brotby’s Information Security Management Metrics, David Lacey’s Managing the Human Factor in Information Security and the ITIL v3 security book.

2009

We released several new modules, for example on digital forensics and SCADA/ICS security.  Explained how NoticeBored supports bi-modal individual and group learning.  Published a white paper describing the role of information security policy, awareness and compliance manager.  Poster pages reorganized.  Launched Information Security 101, an information security awareness module for new employee orientation or induction training, covering the basics of information security in simple, straightforward terms.   Quoted from an ISF workshop on security awareness in our living white paper about The value of security awareness.  Announced a new product, a pack of ICQs (guides for self-checking your organization’s information security controls).  Updated the policy manual to reflect the release of ISO/IEC 27000, and various other changes in the field of information security.  Updated the paper on ISO27k and NoticeBored.  Quoted ISC2’s John Colley and Microsofty Mohammad Akif.  Introduced the concept of awareness-on-demand.  Added a new page describing how NoticeBored meets the US Federal Government requirements for security awareness as documented in NIST SP800-16 and other sources.  Quoted from the executive summary of Deloitte’s security survey.  Added a button for you to make a donation via PayPal if you like our newsletters.  Released a mini-module on the Downadup/Conficker worm infestation, just ahead of February’s malware awareness module.  Hacked together a virtual bookstore to help visitors find some excellent information security books at Amazon.

2008

Refreshed and updated an awareness module on securing portable IT devices and teleworking (working from home or on the road), now titled “Gizmo security”.  Incorporated the idea of ‘bootstrapping new employees’ and building security (awareness) in from the start, into the induction/orientation module page.  Added information on a new academic book including a chapter on security awareness by our CEO.  Released brand new modules on ethics, information security governance, information security risk management, on information security issues for the average office and on trust, integrity and fraud, all in the context of IT or, more precisely, information.  Reviewed Mark Desman’s book on security awareness, The Art of Intrusion, Computer Security for the Home and Small Office, an implementation guide book for PCI DSS and one on incident management.  Introduced the elevator pitches and started selling the poster images for those who only want awareness posters.  Linked to a new security awareness paper by ENISA.  Explained more about security awareness for compliance reasons as a key business benefit of NoticeBored. Moved office to Hawke’s Bay.  Updated the business case for a security awareness program.  Added a page promoting our partners.   Linked to an EDPACS article on social engineering and a CERT podcast on social engineering, both by our CEO.  Added a FAQ section to the policy manual page, explaining how we envisage the policy manual being of value.  Released an extensively updated awareness module on “Plan B” i.e. disaster contingency planning (DCP), resilience, business continuity planning (BCP) and disaster recovery planning (DRP).  .  Added an extract from NERC standard CIP-004 to the Why awareness? paper and total immersion security awareness section.  Added a white paper on the state of IT auditing, published in EDPACS.  Updated the customer page, now more than 50.  Explained the concept of total immersion security awareness. 

2007

Released a module on social engineering, one of our ‘core modules’ that we believe every information security awareness program should cover, though not all do.   Added a customer endorsement from Alliance Data (thanks Shannon!).  The ‘laws, regs and standards’ module has a new name: security compliance.  Published an awareness calendar and a fully revised and updated induction module (a free bonus to NoticeBored licensees).  Released a module on physical security and environmental protection of information assets and a sample of our new security awareness tests.  Updated the business case for security awareness.  Released a brand new awareness module about protecting trade secrets against industrial espionage.  Reduced the price of the generic information security policy manual to US$295.  Published a review of Lessons Learned in Software Testing, The Insider, Corporate Espionage, Zen and the Art of Information Security,  two IDEO books on innovation, Net Crimes & Misdemeanors, an Insider Threat book,  Know Your Enemy, Google Hacking, Enemy at the water cooler  and an $8 computer security employee awareness booklet.  Released brand new awareness modules on insider threats and database security.  Updated our white paper on the value of security awareness.

2006

Described the back catalog, a whole library of creative materials to supercharge your security awareness program.  Published the CISSPforum FAQ.  Used the ‘unconscious competence’ psychological model of learning to explain our approach on the About NB page.  Republished our 7 myths about security metrics paper (as published by ISSA Journal).  Started delivering a hyperlinked glossary and a management paper about metrics on each monthly topic.  IsecT and NoticeBored were endorsed by ENISA in a paper for SMEs about building security awareness programs.  Released a generic Information Security Policy Manual, based on ISO/IEC 27001 and 27002.  Reviewed IT Governance - A Manager’s Guide to Data Security and BS 7799 / ISO 17799.  Quoted E&Y on the value of security awareness in our evolving white paper.  Our white papers and the PDF versions of our newsletters are now covered by a Creative Commons license.  Noted the broad range of NoticeBored customers.  Reviewed Managing an information security and privacy awareness and training program: unreservedly recommended.  Updated and expanded the induction module.  Reviewed the CISO Handbook.

2005

Relocated IsecT Ltd. to New Zealand.  Updated the ‘office clock’ on the contact us page in the forlorn hope of avoiding calls from the States in the middle of our night ... Reviewed Spies Among Us and Spreadsheet check and control and a neat little awareness book You Are A Loser - all three highly recommended - plus Tim Layton’s book on information security awareness and an IT Governance book..  Added NIST SP references on the value of security awareness page.  Referenced our ISO27001security website. Released a special free bonus module for security induction training.  Referenced Mich Kabay’s seminal paper on the psychological aspects of information security awareness in our Value of security awareness white paper.  Published a special mid-month bonus NoticeBored security awareness module on crisis management and contingency planning, inspired by the amazing London emergency services’ response to the bombs of July 7^th.  Launched Global Security Week.  Started delivering mind maps and awareness surveys to customers.  Released Seven Steps to Security Awareness and Physical and Environmental Security for Datacenters white papers.  Republished the Build your own security culture presentation because visitors are still looking for it.  Added a glowing customer endorsement to the page suggesting how customers might use NoticeBored.  Added to our piece on why we need security awareness.  [Some enterprising customers are using this piece plus our business case for an information security awareness program to justify a budget line item for a security awareness program.  Good luck to ‘em!].  Launched the NoticeBored blog.  Commented on competitors introducing curiously similar awareness services, albeit some 18 months after we launched NoticeBored ;-)

2004

Started releasing core awareness topics on a quarterly basis, repeating every year.  Updated the Why awareness? paper.  Released an awareness module on wireless networking as a “special”, an extra topic inserted into the planned cycle.  Updated the NoticeBored samples to demonstrate the range and format of NoticeBored materials.  Website privacy policy updated with a more complete formal version here.  Issued a spoof press release on ‘global no-email day’ for April 1st.  Updated the business case paper.  Added a phishing alert page with an offer of four free phishing awareness posters available through the updated contact page.  Added samples of our security awareness posters.

2003

After an 18-month gestation period researching, designing, developing and preparing the concept, NoticeBored finally hit the Web in May 2003.  Our first security awareness topic was malware - a topic we have covered several times since.  Also in 2003, we: launched the free monthly NoticeBored newsletter; documented the need for security awareness and a generic business case for an information security awareness program; published white papers showing how NoticeBored topics relate to ISO/IEC 17799 sections and one on Human factors in information security; and released the availability module a month earlier than planned to coincide with news of Blackout 2003 and widespread power cuts in London

Copyright © 2012  IsecT Ltd.