We provide these white papers to demonstrate the quality and style of our writing, to encourage you to plan your own information security awareness program and to give something back to the Internet community that gives us so much.  We hope you find them valuable.  They are all protected by copyright but by all means link to them and let us know if you’d like further information.

Why awareness?

Just what is so important about information security awareness anyway and, by the way, is security awareness enough?  This white paper explores the thinking behind NoticeBored, and includes a growing collection of sage comments relating to security awareness from experts in the field.

Information Security Policy, Awareness and Compliance Manager Role Description

We offer a template role justification, job description and candidate specification for someone to manage the organization’s information security policies, security awareness and compliance activities.  Whether you already have such a person on the payroll, or feel that perhaps you might benefit from a new role, this paper is a straw man to get you started on preparing your own job description, justifying the role to your management and selecting suitable applicants.  [Template job descriptions are now included in the monthly NoticeBored awareness modules.]

NoticeBored and ISO27k

This page explains how NoticeBored relates to “ISO27k”, the ISO/IEC 27000-series standards for information security management.  Our companion website www.ISO27001security.com presents a lot more information on the standards for those who would like to find out what all the fuss is about.

NoticeBored and US Federal requirements for security awareness

Prompted by NIST’s revised draft of SP800-16, this web page compares the security awareness topics covered by NoticeBored against the list of topics that US Government agencies are recommended to cover.

Security awareness business case

This white paper lays out a generic cost-benefit justification for investment in a structured security awareness program.  Even if you do not intend to become a NoticeBored subscriber, you will hopefully find the ideas in this paper useful if you need to persuade your management to invest in security awareness (although we are confident your program won’t be quite so cost effective as one based on NoticeBored!).

Security awareness podcasts (off-site)

Gary Hinson, our CEO, was interviewed by Julia Allen for a CERT podcast on social engineering.  Hear some tips on how social engineers work, how to spot them and how to respond.  [See also Gary’s article on social engineering techniques, risks and controls in EDPACS.]

Gary previously recorded a podcast with Scott Pinzon at Watchfire.  Hear how to make your security awareness program more effective by engaging managers, IT professionals and general employees, linking security in home life with security at work, and combining communications methods.

NoticeBored blog

Track our weblog to keep up with news, resources and commentary, with a focus on the current month’s NoticeBored security awareness topic.  We also contribute to other bogs, including ISC2’s.

7 myths about security metrics

A white paper on information security metrics, originally published in the July 2006 issue of the ISSA Journal, picked out and knocked over seven common myths about security metrics, and went on to outline a rational, pragmatic process for selecting useful metrics.  Given that many information security professionals consider metrics one of the hardest aspects of their job, this paper offers help where it’s needed most.

7 steps to security awareness

If you think you might like to run a security awareness program but are not sure where to start, take a look at our white paper.  We outline the process for drawing up your requirements, evaluating and selecting suitable solutions and so leading up to the point where you can launch your program.  This is a generic process description, not specific to NoticeBored.

Building a culture of information security

Simply making employees aware of their information security responsibilities is not necessarily sufficient to make them comply.  NoticeBored approaches changing the corporate culture through education, training and awareness activities to inform and motivate people.

Human factors in information security

A short paper succinctly summarizing the innovative concepts underlying the NoticeBored service.  Rated Best security paper by InfosecWriters.com.

NB: all our papers are protected by copyright. Please respect our intellectual property rights.  Plagiarists beware!  A top team of IPR lawyers has had great success so far in protecting our rights.  Intellectual property is close to our hearts.  Don’t mess with us.  We bite back.

NB: unlike many white paper sources on the Web, we won’t ask you to submit any personal information to download our papers.  We don’t need to know your email address or name for this, and we respect your right to privacy.  If you want more information from us, it’s up to you to get in touch.  The ball is in your court.

Copyright © 2013  IsecT Ltd.