Unless you actually meant to call up the NoticeBored site map, you have probably just followed a dud hyperlink.  This is an actively managed website that changes every week, often several times a day.  The page you were seeking is probably still lurking here somewhere ... look through the pages listed below, start over at the home page or else try searching for it:

Search NoticeBored.com

Home

Start here.  No, here.

About NoticeBored

This section introduces and explains NoticeBored, the security awareness subscription service:

• About NoticeBored - general information on our flagship subscription-based awareness product
• Product Data Sheet on NoticeBored - summarizes the key features on 2 sides
• NoticeBored features - what are the main elements of the product?
• NoticeBored audiences - describes the three streams of material targeting three distinct audiences
• NoticeBored topics - outlines the information security topics covered
• NoticeBored samplers - PDF samples of the NoticeBored awareness materials
• Using NoticeBored - explains how customers incorporate our creative content into their security awareness programs
• NoticeBored is unique! - a side-by-side comparison contrasts NoticeBored’s innovative approach with a typical/conventional security awareness program
• NoticeBored business benefits - what will NoticeBored do for your organization?
• NoticeBored price - NoticeBored is the most cost-effective information security enhancement with prices starting at less than the cost of a cup of coffee , per person, per year!
• NoticeBored customers - what does our typical NoticeBored customer look like?  If you can see a pattern, do let us know!
• NoticeBored back catalog - license all the prior awareness modules in one go to turbo-charge your security awareness program and set it off to a flying start

NoticeBored this month

Read all about August’s information security module on industrial espionage.

Information Security 101

A special foundation-level security awareness module covering the basics of information security for use in security induction/new employee orientation classes, and to help new customers launch their security awareness programs.

 

Security awareness posters

New security awareness posters are supplied to NoticeBored customers electronically every month as high resolution image files.  The awareness posters help to promote the month’s information security topic and are, of course, supported by the remaining awareness materials.  Buy them separately if you only need graphic images. .

Information security policy manual

Faced with the need for information security policies, it is tempting just to write a few policies covering the most obvious “security issues” and ignore the rest.  A more professional approach involves assessing the organization’s information security risks and developing a comprehensive policy manual, systematically  addressing all the material risks.  Our generic security policy manual is a cost-effective way to document best practice information security controls, using ISO/IEC 27002:2005 as a basis.

Internal Control Questionnaires

Buy a comprehensive set of Internal Control Questionnaires to audit or self-check your organization’s information security controls.

Security links collection

The combined links and module diary page lists the awareness topics we have covered to date (see below) with a forward view of those due in the next quarter.  Our managed collection of hyperlinks supports each awareness module with a selection of useful Web resources.  Please tell us about broken links or suggest a link.  We have well over 1,000 already but there’s always room for more good resources.

• Accountability, responsibility and related links
• Audit links
• Authentication links
• Bugs! links
• Change & config management links
• Compliance links
• Confidentiality links
• Contingency planning links
• Cryptography links
• Database security links
• Email and messaging security links
• Ethics links
• Fraud links
• Gizmo and teleworking security links
• Governance links
• Hacking links
• Human factor links
• Identity theft links
• Incident management links
• Induction course links (basic information security awareness topics)
• Industrial espionage and trade secret links
• Information security risk management links
• Insider threat links
• Integrity links
• Intellectual Property Rights (IPR) links
• IT Operations links
• Malware links
• Network & Internet security links
• Office security links
• Phishing links
• Physical information security links
• Privacy and data protection links
• Secure development / security-SDLC integration links
• SCADA/ICS security
• Social engineering and social networking links
• Securing business relationships links
• Trust links

Freebies!

While these papers are published and made available on the Web to read without charge, we retain our intellectual property rights (copyright) on them.  Plagiarists beware: we have a crack team of IPR specialist lawyers in reserve and we’ve taken action successfully in the past.

• 7 myths about security metrics - discusses the key choices when designing a system to measure and report on information security
• 7 steps to security awareness - hints and tips on the process of planning and initiating an awareness program
• Business case for an information security awareness program  - a generic paper expounds the cost -benefit argument.  Useful ideas for your own budget or investment proposal perhaps?
• Creating a security culture - purely raising awareness is not a worthwhile end in itself!
• Data center physical security - tips for securing physical access and environmental services for data centers
• Human factors in information security - a white paper explains why it is so important to address human beings as an essential part of any information security management system or framework
• Information Security Policy, Awareness and Compliance Manager job description
• ISO/IEC 27001/2 - explains how NoticeBored relates to ISO/IEC 27001 and 27002, the ISO/IEC international standards for Information Security Management Systems
• NoticeBored newsletters  - sign up here for a free monthly subscription to get the very latest edition in your inbox at the start of every month
• State of IT auditing - a popular article published in EDPACS
• The value of information security awareness? - numerous quotes and reasoned analysis support the need for a more creative and effective approach to security awareness

Book store and book reviews

Browse through our virtual bookstore showcasing our favorite information security books.

We have read these books mostly in the course of researching the security awareness modules and share the reviews here for the benefit of customers and other keen readers:

• Building an Information Security Awareness Program - Mark Desman’s book has some good ideas if you can face reading it
• Computer security - 20 things every employee should know - a handy little security booklet, useful as part of a security awareness program
• Computer Security for the Home and Small Office - security advice for the Small Office/Home Office owner
• Corporate Espionage - Ira Winkler’s first book, still a good read some ten years after it was published if you can lay your hands on a copy
• Dear Valued Customer, You Are A Loser - a useful source of security case studies for your awareness program
• Enemy at the Water Cooler - we wished we hadn’t bought this ESM sales pitch but ESM customers and vendors evidently like it
• Google Hacking - combined penetration tester’s technical manual and security manager’s horror story
• Handbook of Research on Social and Organizational Liabilities in Information Security - includes a chapter on security awareness by Gary Hinson
• IDEO books on innovation - a pair of books by one of the owners of design company IDEO reveal their creative techniques
• Incident Management - comprehensive coverage in a small book
• Information Security Awareness - a rather academic book with some value to information security awareness professionals
• Insider threat - a disappointing treatise on such an important topic
• IT Governance 3^rd edition - a comprehensive guidebook to accompany ISO/IEC 27001/2 implementations
• IT Governance - an academic book with lasting value to practitioners
• ITIL v3 Security Book - now much closer to the ISO/IEC 27000 standards
• Know Your Enemy - the honeynet bible
• Lessons Learned in Software Testing - recommended reading for thinking people involved in testing application systems
• Managing an Information Security and Privacy Awareness and Training Program - at last!  A security awareness book we are happy to recommend unreservedly
• Managing the Human Factor in Information Security - another highly recommended read for information security awareness professionals.
• Net Crimes & Misdemeanors - a good security awareness book for naive net novices
• Phishing - Cutting the Identity Theft Line - more than just phishing, this book covers identity theft, criminal hacking and malware
• PCI DSS - a Practical Guide to Implementation - learn tips from an experienced implementer to save reinventing the wheel
• Scrappy Information Security - scrappy it is but maybe that means something else to you & me
• Spies Among Us - an eminently readable and useful book covering industrial espionage, hacking and social engineering
• Spreadsheet Check and Control - highly recommended for spreadsheet users, their managers, governance specialists, auditors and regulators
• The Art of Deception - our review of Kevin Mitnick’s fascinating first book ...
• The Art of Intrusion - ... and his second
• The CISO Handbook - full of practical guidance and advice for those tasked by management with ‘doing information security’
• The Insider - a extensive but somehow disappointing collection of journalistic pieces on corporate espionage cases
• Zen and the Art of Information Security - a superficial introduction to the field for non-experts

Contact us

Contact details with a feedback/information request form.  Get in touch with us if you would like to evaluate NoticeBored:

• Submit a link - suggest your favorite Internet security resources to add to our managed hyperlinks collection
• Copyright notice and disclaimer - describes how we protect our own intellectual property against theft and plagiarism, plus a legal disclaimer about using the information we supply
• Privacy policy summary - any personal details you submit to us are confidential
• Privacy policy detail - more info if you are still concerned, verging on truly paranoid

About IsecT

Briefly describes IsecT Ltd’s professional information security credentials (there’s lots more information on IsecT’s own website)

• IsecT partners - our network of trusted partners for information security training, consulting, LMS and other products

What’s new

As this is a dynamic website, we keep a history of significant changes.  If you can’t afford the time to hunt our site for the “new” and “changed” pointers, simply bookmark the what’s new page and visit when you can to keep up with any major developments.  If you have the slack time and interest for browsing or research, we update the weblog and links collection with news stories and new links, respectively, most days.  Come back soon!

NoticeBored blog

Keep up with news, resources and commentary, many relating to the monthly awareness topics.

Secret bonus level

As a public service for our fellow CISSPs, we maintain the Unofficial CISSP Forum FAQ.  The forum is said by some to be “far and away the principal benefit to holders of the CISSP qualification” and by a few to be “a total waste of time”.  Make your own mind up.

Copyright © 2010  IsecT Ltd.