We provide these white papers to demonstrate the quality and style of our writing, to encourage you to plan your own information security awareness program and to give something back to the Internet community that gives us so
much. We hope you find them valuable. They are all protected by copyright but by all means link to them and let us know if you’d like further information.
Why awareness? 
Just what is so important about information security awareness anyway and, by the way, is security
awareness enough? This white paper explores the thinking behind NoticeBored, and includes a growing collection of sage comments relating to security awareness from experts in the field.
Information Security Policy, Awareness and Compliance Manager Role Description
We offer a template role justification, job description and candidate specification for someone to manage the
organization’s information security policies, security awareness and compliance activities. Whether you already have such a person on the payroll, or feel that perhaps you might benefit from a new role, this paper
is a straw man to get you started on preparing your own job description, justifying the role to your management and selecting suitable applicants. [Template job descriptions are now included in the monthly NoticeBored awareness modules.]
NoticeBored and ISO27k
This page explains how NoticeBored relates to “ISO27k”, the ISO/IEC 27000-series standards for
information security management. Our companion website www.ISO27001security.com presents a lot
more information on the standards for those who would like to find out what all the fuss is about.
NoticeBored and US Federal requirements for security awareness
Prompted by NIST’s revised draft of SP800-16, this web page compares the security awareness topics
covered by NoticeBored against the list of topics that US Government agencies are recommended to cover.
Security awareness business case 
This white paper lays out a generic cost-benefit justification for investment in a structured security
awareness program. Even if you do not intend to become a NoticeBored subscriber, you will hopefully find the ideas in this paper useful if you need to persuade your management to invest in security awareness
(although we are confident your program won’t be quite so cost-effective as one based on NoticeBored!).
Security awareness podcasts (off-site)
Gary Hinson, our CEO, was interviewed by Julia Allen for a CERT podcast on social engineering. Hear some
tips on how social engineers work, how to spot them and how to respond. [See also Gary’s article on social
engineering techniques, risks and controls in EDPACS.]
Gary previously recorded a podcast with Scott Pinzon at Watchfire. Hear how to make your security
awareness program more effective by engaging managers, IT professionals and general employees, linking security in home life with security at work, and combining communications methods.
NoticeBored blog
Track our weblog to keep up with news, resources and commentary, with a focus on the current month’s
NoticeBored security awareness topic. We also contribute to other blogs, including ISC2’s.
7 myths about security metrics
A white paper on information security metrics, originally published in the July 2006 issue of the ISSA Journal,
picked out and knocked over seven common myths about security metrics, and went on to outline a rational, pragmatic process for selecting useful metrics. Given that many information security professionals
consider metrics one of the hardest aspects of their job, this paper offers help where it’s needed most.
7 steps to security awareness
If you think you might like to run a security awareness program but are not sure where to start, take a look at our white paper. We outline the process for drawing up your requirements, evaluating and selecting
suitable solutions and so leading up to the point where you can launch your program. This is a generic process description, not specific to NoticeBored.
Building a culture of information security
Simply making employees aware of their information security responsibilities is not necessarily sufficient to make them comply. NoticeBored approaches changing the corporate culture through education, training and
awareness activities to inform and motivate people.
Human factors in information security
A short paper succinctly summarizing the innovative concepts underlying the NoticeBored service. Rated Best security paper by InfosecWriters.com.
NB: all our papers are protected by copyright. Please respect our intellectual property rights. Plagiarists
beware! A top team of IPR lawyers has had great success so far in protecting our rights. Intellectual property is close to our hearts. Don’t mess with us. We bite back.
NB: unlike many white paper sources on the Web, we won’t ask you to submit any personal information to
download our papers. We don’t need to know your email address or name for this, and we respect your right to privacy. If you want more information from us, it’s up to you to get in touch. The ball is in your court.