NoticeBored provides outstanding awareness materials targeting three distinct audiences, written with these specific audiences in mind in terms of the writing style, formats, technical complexity and length. Below you will find samplers of the NoticeBored materials. Please remember that, whilst most of these samplers are limited-resolution read-only PDFs, NoticeBored customers receive editable files from MS Word, PowerPoint, Visio etc. Note also that all the materials in a given monthly module cover the same information security topic whereas some of the samplers here are drawn from different modules.

Stream 1: security awareness materials for all employees

• Security awareness posters use high quality photographic images rather than the somewhat childish cartoon graphics typical of many other awareness products. The posters promote the information security brand in a general sense, raising awareness of each month’s awareness topic in particular. They are deliberately intriguing and thought-provoking in style with the bare minimum of text and, often, subtle tongue-in-cheek humor.
• Security awareness seminar presentations cover aspects of the monthly topic that are likely to be of general interest to most people in the organization. They are straightforward PowerPoint slide presentations with speaker notes included. Using little if any technical jargon, the presentations explain the basic aspects of the topic and focus on things employees ought to consider to protect their computers and information, both at the office and in their home life.
• Top tips - customers asked for shorter, more succinct, action-oriented advice for staff on the topic so we responded with this one-side format. 
• Security awareness briefings cover the same ground in a bit more depth and make good desk-drops , handouts for the awareness presentations or content for Information Security’s intranet website. Where appropriate, these are being replaced by separate short guidelines and procedures.
• Security guidelines provide a bit of background and context for the procedures and policies.
• Generic security procedures like the policies (see below), are intended as models against which to check your own procedures for completeness or, if you don’t have any, as a starting point to write your own.
• Take home messages aim to summarize the entire month’s topic on one side for staff. We often use a mind map and a few bullets explaining the key messages. The sample includes a cut-out-and-keep credit-card-sized handy reminder slip (catchy name!).
• Security awareness screensavers are based on images drawn from the presentations, mind maps and posters - usually several in each module. [Note: please don’t download and run the sample screensaver if your corporate policy prohibits running executable code from the Web. We know it’s perfectly benign but do you?]
• Security awareness case studies are ideal for team meetings, facilitated seminars, brown-bag lunchtime sessions or perhaps even as the basis for practical exercises in training courses. After describing a scenario, the case study poses a handful of questions to draw out the information security aspects in a class discussion. Model answers are provided to guide the facilitator, get the discussion going and highlight the main awareness messages.
• Security awareness crosswords are another NoticeBored innovation. Give your employees a bit of a challenge to figure out key words associated with the monthly topic. Have some fun whilst learning information security terms. Some customers use the puzzles for prize competitions.
• Awareness tests present a handful of multiple-choice questions and (in order to select a prizewinner) a tiebreaker. The test questions directly reflect key messages on the awareness topic. Customers are welcome to use the tests as provided or cut-and-paste them into their intranet security awareness websites or Learning Management System (LMS).
• Awareness survey forms have a dual purpose - to assess the level of employee security awareness in a simple and non-threatening way, and to gather feedback comments and suggestions to improve the program.
• The security glossary explains the specialist information security terms commonly associated with each month’s topic.
• The NoticeBored managed links collection and NoticeBored blog are frequently updated with a resources page dedicated to each month’s topic and topical news stories etc. actively blogged during the relevant month. Links to relevant news stories and other Internet resources bring a sense of reality to the subject matter and encourage interested employees to explore further.
• The NoticeBored security awareness calendar is, as one might expect, an annual deliverable.

Stream 2: security awareness materials for managers

• Mind maps outline the whole topic diagrammatically, showing relationships between the main elements at a glance. Stand back for the whole picture or zoom in for the details. We supply the original Visio files so customers can adapt and re-use the mind map images in other contexts.
• Management briefings are succinct papers for general managers. Shorter and higher-level executive briefings are intended for those with senior managerial or governance responsibilities and a more strategic point of view. These briefings are deliberately punchy in style - usually a single or double-sided leaflet and straight to the point - yet they outline the security topic and describe the corresponding control and oversight activities that managers should be performing.
• Management presentations are generally built around the mind maps to avoid ‘death by PowerPoint’ - just a handful of slides covering the topic at a high level but with extensive speaker notes to guide the presenter and optionally to print for use as handouts.
• The innovative NoticeBored Board agenda raises information security and related IT governance matters for consideration by the Board of Directors or C-level executives. Support from the top table starts with their understanding of the issues. The agenda is basically a debating device to stimulate discussion around information security, risk management and IT governance topics.
• Model information security policies are provided as straw-men against which to benchmark your existing corporate policies (if they exist) or to create new ones (if they don’t). High level principles (axioms) are supported by more detailed policy statements. The roles and responsibilities typically associated with each policy are explicitly documented. [We also offer a complete ISO/IEC 27001/2-based information security policy manual separately.]
• Outline business cases (generic cost-benefit analyses) provide the bare bones financial justification for investment in security controls relating to some topics.
• Metrics briefings lay out options for management to set targets and measure the organization’s performance against the risks and controls identified in each module. Metrics is an advanced aspect: mature your Information Security Management System with help from NoticeBored.

Stream 3: security awareness materials for IT professionals

• You are probably already familiar with the NoticeBored newsletters provided to our mailing list subscribers . These introduce and outline each topic, analyzing the information security risks and using examples and news stories to bring the issue to life. Customers receive the exact same content as editable MS Word files. They are welcome to modify the heading or cut-and-paste relevant sections of text for their internal newsletters etc., avoiding the need to re-type the text!
• Technical briefings (similar but not usually as lengthy as our white papers) describe the security controls normally used to reduce the risks identified in the newsletter. These naturally emphasize technical controls for the IT audience but usually mention other types of controls as well to promote a balanced approach.
• Technical presentations are great for technical seminars (“brown bag sessions”), team meetings, to post on the intranet or to share with the IT department and power users by email. Speaker notes are included. These are security awareness materials, not in-depth training courses, but they may provide a suitable platform on which to build more detailed coursework.
• Internal control questionnaires (controls review/audit checklists) provide the starting point for a structured review of the organization’s security controls. Find out how well the controls that are documented in policies, mandated by laws, regulations and contracts, or recommended by best practice standards such as ISO/IEC 27002.
• Awareness program activities papers suggest a range of creative communications activities for the person or people running the information security awareness program to perform. We find new ideas every month, ranging from prize draw competitions to ‘self-phishing’ and ‘black bag runs’.

Whilst the details vary according to the topic, customers receive a good mix of awareness materials each month - a complete, comprehensive awareness module every time containing around 20 to 30 different types of item in a compressed ZIP file averaging about 30 to 40Mb (varies between ~20 and ~80Mb). Check the contents of the current month’s module for example, or look at the file listings from past modules in our Back Catalog.

The samplers have all been virus-scanned by us but don’t forget to run your own antivirus checks!

If you like the look of the samples but want to evaluate a complete NoticeBored module, exactly as it was delivered to our customers, ask us for the evaluation module containing the original MS Word, PowerPoint, Visio and other editable files.

From time to time we introduce other types of awareness material depending on the topic and inspiration. We are always open to new ideas. If there is a particular type or format of awareness material that you would like us to start producing - brochures, pamphlets, videos or whatever - do let us know.

Whilst you review the samples, have a think about how you might make use of NoticeBored to drive your security awareness program.