 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
Just the way we do things here
Information security should be taken into account from every employee’s first day with the organization until their last. In other words, security should be an integral and inherent part of the corporate culture, or more simply ‘just the way we do things here’.
The fundamental purpose of induction or orientation training is to bring new employees quickly up to a basic level of understanding in their new environment. New recruits need to be not only informed about their information security obligations (as laid out in various laws, regulations, policies and working practices), but motivated to comply. That’s where NoticeBored’s unique approach to security awareness adds real value.
 |
Information Security 101 - a basic security awareness module for security induction/orientation training
NoticeBored’s Information Security 101 module has a dual purpose in fact: it can be used both for
security induction/orientation training for new employees, and to help launch a new information security awareness program. In both cases, the module gets straight down to brass tacks,
presenting important information and advice to bring everyone quickly up to speed on information security essentials, creating a common if basic starting point of knowledge and understanding.
As with the regular monthly modules, Information Security 101 includes a range of security awareness materials suitable for general employees plus two further streams of material written to cater for the special needs of managers and IT professionals. Overall the content is a simpler than the normal monthly modules, however, providing a gentle introduction to the information security rather than focusing on a single security topic in some depth.
 |
Information Security 101 contents
The module contains around 34Mb of content, all of which is fully customizable by you:
1. Information Security 101 awareness activities ( S T A R T H E R E !) 
10 pages
The materials provided in Information Security 101 can be a little overwhelming at first, so read this guide to get the most out of them. The paper offers detailed guidance on using the NoticeBored materials as part of your induction/orientation process, or to launch a new security awareness program. It includes creative ideas for communicating effectively with new recruits, putting information security in a positive light from day one, and a structured “menu” of possible prizes, gifts and trinkets to help promote information security through competitions, prize draws and other creative security awareness activities.
Stream A: Basic security awareness materials for general employees
2. Information Security 101 awareness seminar 
11 slides with speaker notes
The presentation covers the bare essentials of information security and is designed to be presented in less than 20 minutes. While the slides themselves are deliberately simple yet visually appealing with graphics instead of words, more detailed speaker notes are provided to support the presenter and can be printed out for use as audience handouts.
3. Information security awareness program launch seminar 11 slides with speaker notes
Presentation for a seminar to help launch your security awareness program. The presentation introduces and explains the purpose and structure of the program. Launch your awareness program with a bang but don’t stop there: there’s lots more to come!
4. Information security awareness posters 
8 high-resolution JPG images
Advertising professionals appreciate the importance of branding and so do we. Launch and promote your new information security awareness program with these full color photographic-style posters provided as high resolution (3508 x 4961 pixel) JPG images suitable for professional or desktop printing. Electronic delivery keeps our costs and hence our prices down while giving you the flexibility to customize and print off as many posters as you need.
5. Security awareness screensavers 
5 PC screensavers
These screensavers make handy security reminders for new employees’ first few days at work, or to accompany the awareness program launch. As with all the NoticeBored materials, you are welcome to pick one, several or none depending on your requirements. You can also customize the screensaver contents - contact us for simple instructions.
-
Three screensavers step sequentially through the slides from the three Information Security 101 seminar presentations (items #1, 22 and 30).
-
One steps through the security awareness program launch slides (item #2).
-
One displays the poster images (item #3) in a random sequence.
6. Information Security 101 awareness briefing 1 page
A succinct leaflet with the bare minimum of basic information security advice for general employees. Condensing information security to the essentials avoids overloading people with information on their first day at work, whilst introducing them to the breadth of advice available from your Information Security function, CIO and/or IT Help/Service Desk.
7. Information Security 101 case study 2 pages
The case concerns a simple error that leads to a security incident. The case study consists of a brief paragraph describing the scenario, followed by 4 questions for attendees to consider and then discuss. We also supply a set of ‘model answers’ in case the teacher needs some prompts to get the discussion going.
8. Information Security 101 staff top tips 1 page
Ten top information security tips for employees, plus a mind map for those who prefer pictures to words.
9. Information Security 101 guideline on choosing good passwords 1 page
The guideline encourages people to choose strong yet memorable passwords, and keep them secret.
10. Information Security 101 bookmarks x4
This is simply a set of double-sided bookmarks with basic security tips on one side and apt security quotations on the reverse. These make cheap but useful freebies to give out on day 1.
11. Information Security 101 jumbo crossword puzzle ~180 words
The jumbo crossword puzzle gives clues to lots of commonplace information security terms, making it substantially more difficult than the normal monthly NoticeBored puzzles. New employees may need some assistance to solve the crossword - perhaps their new work colleagues would be able to help? We provide the solution too, just in case you’re stuck for answers.
12. Information Security contact card with the ten security commandments 1 page
A double-sided but credit-card-sized Word document reminds people of Information Security’s Ten Commandments and has emergency contact information in case of security incidents.
13. Information Security 101 FAQ 1 page
Provides the answers to frequently asked basic questions about information security.
14. Information Security 101 reminder postcard 1 page
The postcard reminds employees about their information security obligations a little while after they have undertaken the Information Security 101 session.
15. Information Security 101 security awareness survey form 1 page
Use the survey form to assess the level of security awareness of new recruits and get their feedback on the induction process. If you are about to launch your awareness program, a preliminary awareness survey can provide baseline metrics to demonstrate the gradual improvement as your program takes effect.
16. Information Security 101 awareness test 1 page
Check that employees understand and can recall the basic security awareness messages included in the module with this quick test. The four questions can be incorporated into online Learning Management Systems.
17. Information Security 101 glossary 50 pages!
Explains information security terminology - the jargon security professionals sometimes take for granted. This Word document contains numerous hyperlinks to the definitions of specialist terms used in other definitions, and as such is ideal for publication on Information Security’s intranet Security Zone (see item #33).
18. Information Security pledge 1 page
If you need employees to acknowledge their security obligations formally, this ‘security pledge’ goes further than the usual boring ‘Sign here to confirm that you have read the security policy’ form.
19. Information Security 101 course completion certificate 2 pages
Show your appreciation for students completing the course with a fancy certificate plus a covering letter from the Information Security Manager.
20. Information Security 101 hyperlinks collection 
online
The InfoSec 101 module contains a link to an HTML page of annotated hyperlinks pointing at relatively straightforward general-purpose information security resources on the Web.
Stream B: Basic security awareness materials for managers
21. Information Security 101 diagrams 
x6
These colorful diagrams give a graphical high-level overview of the key aspects of information security for general employees, managers and IT professionals. The mind maps make explicit the conceptual connections between various aspects of information security. The risk-control spectrum diagram outlines the broad range of information security issues. The diagrams are used to illustrate several other items in the InfoSec 101 module: we provide the Visio originals so that customers can easily adapt the content if they wish.
22. Information Security 101 management seminar 12 slides with speaker notes
Introduce managers to their key governance responsibilities relating to the protection of information assets.
23. Information Security 101 board agenda 1 page
Ask experienced senior executives for tips on how to make the security awareness program a success ... and in the process, inform them about the new program and remind them that information security is a strategically important issue for the organization.
24. Information Security 101 management briefing 1 page
A glossy leaflet on the basics of information security, intended as an easily-digested take-away from the induction/orientation session or awareness program launch.
25. Information Security 101 top tips for managers 1 page
Ten top security tips with a management slant.
26. Model Corporate Information Security Policy 5 pages
An overarching information security policy based on international security standards ISO/IEC 27001 & 27002, containing 7 guiding principles and 39 policy axioms. [The policy is fully aligned with our Information Security Policy Manual.]
27. Executive briefing on Acceptable Use Policies 1 page
Explains the purpose and value of security-related Acceptable Use Policies and Codes of Conduct to senior managers. People often confuse these with plain “policies” but they are more like guidelines in fact.
28. Management briefing on information security metrics 12 pages
White paper/briefing paper discusses factors affecting the selection and use of management metrics to measure and systematically improve information security. This general introduction sets the scene for the topic-based metrics papers provided in the monthly NoticeBored modules.
Stream C: Basic security awareness materials for IT professionals
29. Information Security 101 newsletter 7 pages
The introductory level NoticeBored newsletter explains how the awareness program is structured and lists the topics that the program is anticipated to cover.
30. Information Security 101 technical seminar 12 slides with speaker notes
An introduction to information security basics for IT professionals who, oddly enough, often seem to lack any formal training in the fundamentals of security, despite their technical training and IT expertise.
31. Information Security 101 technical briefing 1 page
A succinct briefing paper providing IT people with a gentle reminder of their security duties to take away from their first day at work.
32. Information Security 101 top tech tips 1 page
Ten semi-technical but eminently practical information security tips for technologists. Short and sweet.
33. Design specification for “The Security Zone” 14 pages
A detailed design specification for an information security awareness-focused intranet site, drawing on our experiences with numerous Internet and intranet Websites (including this one!). Even if you have an information security site already, the ideas in this paper may suggest improvements to the structure, content and/or utility of the site. Maybe it’s time to refresh, re-brand and re-launch yours?
34. Information Security 101 technical briefing on baseline security controls 4 pages
This describes a reasonably comprehensive suite of “baseline” information security controls that would form a decent foundation for an Information Security Management System.
35. Information Security 101 internal controls review checklist 6 pages
In contrast to crude compliance tick-lists anticipating simple yes/no answers, our audit-style checklist poses open-ended questions and is primarily intended for use by qualified and competent information security management and IT audit professionals. Use the checklist to review your basic information security controls quickly as a prelude, perhaps, to an ISO27k ISMS implementation (i.e. a “gap analysis”), or simply to find out how mature your organization is in relation to the way others manage information security.
Information Security 101 module directory listing
 |
Buy Information Security 101
Information Security 101 is available at a special price of just US$645. Check out our samplers demonstrating the nature and quality of the materials provided in the module. Once you decide it’s right for you, please contact us to start the ball rolling.
By the way, Information Security 101 is provided at no extra charge to customers of the NoticeBored security awareness subscription service. If you are not quite ready for a NoticeBored subscription, start with Information Security 101. If you like it enough to take up a NoticeBored subscription within 6 months, we’ll even refund the $645.
How to use Information Security 101
The 10-page awareness activities/train-the-trainer guide included in Information Security 101 suggests how to make best use of the awareness materials, and includes a bunch of ideas to make your awareness program a great success.
While all our awareness materials are “camera ready” and finished to a consistently high level of quality, they are necessarily generic. Since your organization’s awareness needs are unique, they are supplied as ordinary unlocked MS Office files. You can easily make any necessary changes for example:
-
Replacing the NoticeBored logo with your own security awareness logo and where necessary adopting a “house style” through formatting cues such as fonts, headings etc. This is a useful way to link all the materials into a single coherent and instantly recognizable program, something marketing professionals consider important elements of “branding”. We apply our own templates to replicate the same NoticeBored look on all the materials, using Word’s ‘styles’ consistently to make any subsequent styling changes much easier for you;
-
Adding contact details (phone numbers, email addresses, pager numbers, internal mail addresses ...) for your information security people plus colleagues in related functions such as physical/site security, IT, Legal, HR, Compliance and others, in particular the Help Desk commonly used for reporting information security incidents as well as requesting advice on basic security matters;
-
Referring to applicable corporate security or other policies, standards, procedures, guidelines and awareness/guidance materials supplementing those provided in the module. Where appropriate, you may also choose to remind employees of their legal and regulatory compliance obligations in relation to privacy, governance, copyright, PCI-DSS, SOX, FISMA, HIPAA, GLBA etc.;
-
Incorporating other awareness and training content, including pre-existing materials developed in-house and perhaps complementary materials from our competitors;
-
And finally of course, adopting the NoticeBored materials as part of your Learning Management System (LMS), Content Management System (CMS), security training courses, new employee goody packs and so forth.
Thereafter, we heartily encourage customers to measure the effectiveness of the orientation process, ideally as part of a comprehensive information security awareness program that incorporates suitable awareness and other information security metrics. Security awareness is not a “fire-and-forget” operation but benefits from frequent care and attention, for instance incorporating changes in the compliance obligations and more generally in the information security risks facing the organization. That’s precisely why we provide security awareness tests and metrics papers in the regular NoticeBored monthly modules ...
Copyright © 2013 IsecT Ltd.