We provide these white papers to demonstrate the quality and style of our writing, to encourage you to plan your own information security awareness program and to give something back to the Internet community that
gives us so much. We hope you find them valuable. By all means link to them and let us know if you’d like further information.
Book reviews
Reviews of information security books that we’ve used as part of our research when writing the NoticeBored awareness materials.
Why awareness?  
Just what is so important about information security awareness anyway and, by the way, is security
awareness enough? This white paper explores the thinking behind NoticeBored, and includes a growing collection of sage comments relating to security awareness from experts in the field.
Security awareness business case  
This white paper lays out a generic cost-benefit justification for investment in a structured security
awareness program. Even if you do not intend to become a NoticeBored customer, you will hopefully find the ideas in this paper useful if you need to persuade your management to invest in security awareness
(though your program won’t be quite so cost effective!).
Security awareness podcasts (off-site)
Gary Hinson, our CEO, was interviewed by Julia Allen for a CERT podcast on social engineering. Hear some
tips on how social engineers work, how to spot them and how to respond. [See also Gary’s article on social engineering techniques, risks and controls in EDPACS.]
Gary previously recorded a podcast with Scott Pinzon at Watchfire. Hear how to make your security
awareness program more effective by engaging managers, IT professionals and general employees, linking security in home life with security at work, and combining communications methods.
NoticeBored blog 
Track our weblog to keep up with news, resources and commentary, mostly relating to the current month’s
awareness topic. [Note: the blogroll on the right-hand side takes ages to load: we’re still investigating why that is, but the 40-odd blogs listed there are well worth waiting for.]
EDPACS articles (off-site)
EDPACS is a long-running professional journal focusing on IT audit and control
topics. Gary Hinson is a member of the editorial board for EDPACS.
Gary’s article on social engineering techniques, risks and controls was
published in the April-May 2008 issue of EDPACS. The article discusses information security controls for the pre-, para- and post-attack phases of a social engineering incident.
IT auditing has come a long way from tick-and-bash reviews of mainframe security parameters. Read about modern IT audit methods in The state of IT
auditing.
2008 security awareness calendar
The environmentally-friendly NoticeBored 2008 security awareness calendar recycles
twelve of our favorite images originally delivered to NoticeBored customers for use as security awareness posters during 2007.
7 myths about security metrics 
A white paper on security metrics, originally published in the July 2006 issue of the ISSA Journal, picked out
and knocked over seven common myths about security metrics, and went on to outline a rational process for choosing useful metrics.
7 steps to security awareness
If you think you might like to run a security awareness program but are not sure where to start, take a look at our white paper. We outline the process for drawing up your requirements, evaluating and selecting
suitable solutions and so leading up to the point where you can launch your program. This is a generic process description, not specific to NoticeBored.
Building a culture of information security
Simply making employees aware of their information security responsibilities is not necessarily sufficient to make them comply. NoticeBored approaches changing the corporate culture through education, training and
awareness activities to inform and motivate people.
Data-center security
An early example from our technical awareness stream concerning physical security measures and environmental protection for the data center.
Human factors in information security
A short paper succinctly summarizing the innovative concepts underlying the NoticeBored service. Rated Best security paper by InfosecWriters.com.
ISO27k and NoticeBored
This page explains how NoticeBored relates to the ISO/IEC 27000-series standards for information security
management, derived from BS 7799 and ISO/IEC 17799.
NoticeBored Newsletter 
The free monthly PDF newsletter introduces the background to each of our awareness modules and
presents a generic risk analysis on the topic. To find out about the corresponding best practice controls, and to receive the MS Word version of the newsletter, you’ll need to subscribe to NoticeBored.
NB: all our papers are protected by copyright. Please respect our intellectual property rights. Plagiarists
beware! A top team of IPR lawyers has had great success so far in protecting our rights. Intellectual property is close to our hearts. Don’t mess with us.
NB: unlike many white paper sources on the Web, we won’t ask you to submit any personal information to
download our papers. We don’t need to know your email address or name for this, and we respect your right to privacy. If you want more information from us, it’s up to you to get in touch. The ball is in your court.