3. Screensavers: information security governance  4 PC screensavers
NoticeBored screensavers bring the graphical content of other awareness materials to employees’ screens:
Slides from the staff seminar (item #1), displayed in sequence Slides from the management seminar (item #17), in sequence Slides from the technical seminar (item #28), in sequence The new poster images (item #2), displayed in random order
Customers, please contact us if you would like to customize the screensavers or create your own. We
won’t charge you to do it - we’ll tell you how to do it yourself, simply and for free.
4. Staff guideline: information security governance  1 page Word document
A brief overview of information security governance, intended for a general audience and suitable as a handout at awareness seminars and briefings.
5. Staff guideline: accountability 2 page Word document
A double-sided informational leaflet on information security accountability.
6. Case studies: information security governance 4 x 2 page Word documents
Case studies help liven-up seminars, presentations and training courses and make engaging awareness
exercises by themselves. They get the audience thinking and talking about the topic. There are four case
studies again this month, each comprising a scenario paragraph and handful of discussion points, followed by
a page of ‘model answers’ to get the discussion going. The scenarios are situations relating to information security governance.
7. Top tips: information security governance 1 page Word document
A page of tips - simple suggestions for staff on information security governance.
8. Take home messages: information security governance 1 page Word document
The entire module condensed and summed-up on just one side! A mind map and a few words of
explanation do the trick. Even those who are “too busy” to take much notice of information security can hardly claim to be that busy.
9. Crossword puzzle: information security governance 2 page Word document
Puzzle on one page. Solution on another. Have some fun over lunch while learning about information security governance.
10. Security awareness survey 1 page Word document
A simple form to check the extent to which employees are aware of the information security governance topic, and gather their feedback suggestions to improve the awareness program.
11. Security awareness test: information security governance 1 page Word document
Check how well employees recall the information security governance awareness messages. Generate useful metrics on your awareness program to help demonstrate progress to management and drive further improvements.
12. Glossary of information security governance  5 page Word document or 1 web page
An hyperlinked glossary of information security governance-reated terms, ideal for Information Security’s intranet Security Zone.
13. Links to additional resources on information security governance 1 web page
Explore our managed collection of links to information security governance resources on the Web for still
more perspectives on this important topic. We used many of these resources in our research to prepare the module. Customers are very welcome to duplicate and amend our links collection on their corporate
intranets.
Awareness materials for managers and executives
14. Mind-maps: information security governance  5 Visio diagrams
Mind-maps help us think through and develop the content whilst researching and preparing the NoticeBored
materials. We use them to illustrate the presentations and various other awareness materials in the module,
showing the topic in a structured and visually appealing way. Five mind-maps plus several variants are provided, along with a handful of diagrams, in one Visio file allowing customers to make changes and
continue the thinking process.
15. Board agenda: information security governance 1 page Word document
Although senior management support is an essential prerequisite for a world-class information security program, helping senior managers understand often complex information security issues, quickly, is
something of a challenge. The ‘board agenda’ paper aims to get them thinking about the issues and
stimulate a Board-level discussion on information security governance, facilitated by the CIO, CISO or Information Security Manager.
16. Model policies covering (a) information security governance, (b) divisions of responsibility and (c) information asset ownership 3 Word documents
Three separate policy documents cover the core topic and two related matters. Adopt these as-is or compare them against and perhaps improve your own information security policies.
17. Management seminar: information security governance  10 PowerPoint slides
Ten seminar slides supported by speaker notes encourage management to consider and discuss information security governance.
18. Executive briefing: information security governance 1 page Word document
19. Executive briefing: information asset ownership 1 page Word document
20. Executive briefing: accountability for information security 1 page Word document
Three short briefings intended for busy senior managers, covering governance issues in the context of information security (and vice versa!).
21. Management briefing: information security governance 14 page Word document
For middle managers and interested executives with a bit more time on their hands, this detailed briefing
paper supports and extends the management seminar (item #17). It can be printed for use as a handout,
desk-drop or internal mailing, or made available to download from Information Security’s intranet Security Zone.
22. Management briefing: accountability for information security 3 page Word document
It’s important that managers understand that they will be held to account personally for their actions in
relation to information security, even if many of the associated responsibilities are delegated to others.
23. Management procedure: defining information security roles 1 page Word document
Documenting information security activities in role or job descriptions goes a long way towards making
people aware of their security responsibilities. This simple procedure explains, in general terms, how to do it.
24. Management procedure: cost-justifying information security investments 3 page Word document
As with other risk-reduction situations, it’s not always obvious how to prepare business cases to justify
investments in information security since they normally reduce costs rather than generate outright profits. The technique described in this paper shows how cost-reduction projects can still be financially sound.
25. Management briefing: information security governance metrics 5 page Word document
Assessing and measuring the organization’s information security governance practices is an important part of managing them. This discussion paper suggests a number of relevant targets and metrics.
Awareness materials for IT professionals
26. The NoticeBored newsletter: information security governance  8 page document
The newsletter introduces and sets the scene for the remaining security awareness materials, providing
background information on this month’s topic plus an overview of the associated risks. While the editable MS Word version is reserved for paying customers, the free PDF version is emailed to everyone on our newsletter mailing list.
27. Awareness program activities: August module 5 page Word document
Information security awareness program managers - start here! Pep-up your security awareness
program with our creative internal communications ideas and awareness tips. We can’t stand up in front of your employees to deliver the awareness seminars, training courses etc. but we can make your job a bit
easier, more productive and hopefully more fun. Spend your time interacting with staff, managers and IT people rather than researching and writing the presentations and other awareness materials.
28. Technical seminar: information security governance 12 PowerPoint slides
The seminar slides with speaker notes present information security governance concepts in terms that IT professionals will understand and appreciate. The suite of technical controls within and surrounding the IT
systems and networks are an essential component of the organization’s governance framework (hence the reason that SOX section 404 focuses on them).
29. Technical briefing: information security roles and responsibilities 6 page Word document
Technical briefing for IT professionals discusses the definition of information security management rôles and responsibilities based on the 39 control objectives identified in ISO/IEC 27002:2005. It includes a generic
matrix relating information security activities to the departments, functions or people that normally perform them.
30. Technical briefing: SOX primer 3 page Word document
IT people in organizations subject to the Sarbanes Oxley Act of 2002 should be aware of their obligations under the Act, particularly section 404. This is a succinct primer.
31. Internal Controls Questionnaire: information security governance 6 page Word document
An audit-style checklist to guide an evaluation of your organization’s information security governance processes. Check the current status against good practice criteria.
Module #63 contents (file listing)
NoticeBored is for you, yes you!
If this brief outline of our latest awareness module intrigues you, why not contact us to evaluate
NoticeBored? We’ll send you a month’s awareness materials, a complete module exactly as it was delivered
to our customers, plus an evaluation license for you to try them out. There’s no commitment or charge to evaluate. Find out what makes NoticeBored different and discover what led ENISA to describe us as “best
practice experts” in security awareness. We can even help you build a budget proposal for your awareness program.
|
