Freebies and white papers

We provide these white papers to demonstrate the quality and style of our writing, to encourage you to plan your own information security awareness program and to give something back to the Internet community that gives us so much. We hope you find them valuable. They are all protected by copyright but by all means link to them and let us know if you’d like further information.

NoticeBored and ISO27k Updated May 11th

This page explains how NoticeBored relates to ISO27k, the ISO/IEC 27000-series standards for information security management.

NoticeBored and US Federal requirements for security awareness

Prompted by NIST’s revised draft of SP800-16, this web page compares the security awareness topics covered by NoticeBored against the list of topics that US Government agencies are recommended to cover.

NoticeBored Newsletter Popular freebie

The monthly NoticeBored newsletter introduces the background to each of our security awareness modules and presents a generic risk analysis on the topic. Please sign up to the Google Group to receive the free ‘read only’ PDF version of the newsletter. [The editable MS Word version is provided to customers.]

Security awareness briefing pack for software developers

Why is it that so many organizations expect their software developers and other IT people to “do” information security, yet they don’t bother to train them in the art? Our security awareness briefing pack for software developers goes some way toward redressing the balance.

Why awareness? Popular freebie

Just what is so important about information security awareness anyway and, by the way, is security awareness enough? This white paper explores the thinking behind NoticeBored, and includes a growing collection of sage comments relating to security awareness from experts in the field.

Security awareness business case Popular freebie

This white paper lays out a generic cost-benefit justification for investment in a structured security awareness program. Even if you do not intend to become a NoticeBored customer, you will hopefully find the ideas in this paper useful if you need to persuade your management to invest in security awareness (though your program won’t be quite so cost effective!).

Security awareness podcasts (off-site)

Gary Hinson, our CEO, was interviewed by Julia Allen for a CERT podcast on social engineering. Hear some tips on how social engineers work, how to spot them and how to respond. [See also Gary’s article on social engineering techniques, risks and controls in EDPACS.]

Gary previously recorded a podcast with Scott Pinzon at Watchfire. Hear how to make your security awareness program more effective by engaging managers, IT professionals and general employees, linking security in home life with security at work, and combining communications methods.

NoticeBored blog Updated most weeks

Track our weblog to keep up with news, resources and commentary, with a focus on the current month’s NoticeBored security awareness topic. We also contribute to other blogs, including ISC2’s.

EDPACS free sample issue

EDPACS articles (off-site)

EDPACS is a long-running professional journal focusing on IT audit and control topics. Gary Hinson is a member of the editorial board for EDPACS.

Gary’s article on social engineering techniques, risks and controls was published in the April-May 2008 issue of EDPACS. The article discusses information security controls for the pre-, para- and post-attack phases of a social engineering incident.

IT auditing has come a long way from tick-and-bash reviews of mainframe security parameters. Read about modern IT audit methods in The state of IT auditing.

7 myths about security metrics

A white paper on security metrics, originally published in the July 2006 issue of the ISSA Journal, picked out and knocked over seven common myths about security metrics, and went on to outline a rational process for choosing useful metrics.

7 steps to security awareness

If you think you might like to run a security awareness program but are not sure where to start, take a look at our white paper. We outline the process for drawing up your requirements, evaluating and selecting suitable solutions and so leading up to the point where you can launch your program. This is a generic process description, not specific to NoticeBored.

Building a culture of information security

Simply making employees aware of their information security responsibilities is not necessarily sufficient to make them comply. NoticeBored approaches changing the corporate culture through education, training and awareness activities to inform and motivate people.

Data-center security

An early example from our technical awareness stream concerning physical security measures and environmental protection for the data center.

Human factors in information security

A short paper succinctly summarizing the innovative concepts underlying the NoticeBored service. Rated Best security paper by InfosecWriters.com.

NB: all our papers are protected by copyright. Please respect our intellectual property rights. Plagiarists beware! A top team of IPR lawyers has had great success so far in protecting our rights. Intellectual property is close to our hearts. Don’t mess with us. We bite back.

NB: unlike many white paper sources on the Web, we won’t ask you to submit any personal information to download our papers. We don’t need to know your email address or name for this, and we respect your right to privacy. If you want more information from us, it’s up to you to get in touch. The ball is in your court.



Copyright © 2009 IsecT Ltd.