NoticeBored security awareness topics

The incessant pace of change in information security means staying still is falling back. Effective security awareness programs need to be updated frequently to reflect changes - new threats and vulnerabilities, new modes of attack, new business and personal impacts. Furthermore, staying topical keeps the content relevant and interesting instead of going stale and boring.

That’s why we deliver fresh security awareness materials every single month. With NoticeBored, your awareness program matures month-by-month, constantly adapting to the ever-changing environment. Our innovative rolling approach tackles current information risks, emphasizing the best of today’s information security controls, building and sustaining a high level of awareness all year round.

The NoticeBored portfolio covers an outstanding spectrum of more than 60 security awareness topics:

  1. Accountability and responsibility - examines, explains and contrasts these two commonly misunderstood concepts that are fundamental to information security, governance and compliance;
  2. Apps - about integrating information security into the application development/acquisition lifecycle, and mobile apps;
  3. Assurance - is about checking things to establish confidence and trust, demonstrating and proving compliance with security standards, policies, laws and regulations;
  4. Authentication and identity management - from choosing strong passwords to biometrics, identity theft, access control and federated identities;
  5. Best practices - discovering, evaluating and adopting best practices in information security can be a short-cut to excellence;
  6. Bugs! - security vulnerabilities created by errors or flaws in program specification, design, coding or configuration by software development professionals and end-users;
  7. Business continuity - covers business impact analysis, resilience, disaster recovery and contingency to maintain critical business activities despite incidents and disasters;
  8. Business relationships - securing the information element of relationships between organizations is tricky given the number of relationships, their dynamics, and the wide variety of situations in which information is placed at risk;
  9. BYOD (Bring Your Own Device) - using personal tablets, laptops, smartphones etc. for work purposes may suit the business but presents information risk and security challenges;
  10. Change management - covers the intersection between change management and information security management, taking in risk management, compliance, patching, testing, configuration and version management, and more;
  11. Cloud computing - covers the information risk and security aspects of cloud computing; 
  12. Communications security - this topic integrates several others (e.g. network security, email security, hacking and social engineering) and adds new angles such as non-verbal communications; 
  13. Compliance and enforcement - fulfilling obligations under information security-related laws, regulations, standards, contracts etc. plus internal corporate policies, procedures and guidelines;
  14. Computing on the go - information risk and security concerns relating to portable ICT devices such as laptops, smartphones, tablets and so forth;
  15. Cryptography - a fun, lightweight introduction to the rather heavy topic of encryption and other cryptographic applications;
  16. Cyberinsurance - sharing low-probability high-impact cyber risks with insurers reduces the amount of cyber risk retained;
  17. Cybersecurity - a heavy-duty but gripping module concerning basic cyber controls plus the extreme cyber risks relating to cyberweapons in cyberwarfare;
  18. Cybertage - ‘sabotage in cyberspace’ concerns the use of information and IT systems and networks as weapons to commit sabotage, plus sabotage of information and IT assets;
  19. Database security - securing large collections of valuable data against hackers, corruption, loss etc.;
  20. Digital forensics - forensic investigation of data relating to and arising from information security incidents;
  21. Email - information risk and security aspects of electronic mail plus other person-to-person messaging technologies;  
  22. Fraud - taking advantage of victims through deception and coercion;
  23. Governance - roles, structures and reporting lines for the information security function and its relationships with others such as risk management, IT audit and general business management;
  24. Hacking - tips to counteract hackers, crackers, industrial spies, insider threats, scammers, criminals and other adversaries exploiting network, software, hardware, physical and human vulnerabilities;
  25. History of security - looks at the evolution of information security techniques and technologies through the ages;
  26. Hi-tech infosec - risks and controls involving IT, systems and networks, and high-technology;
  27. Human error - explores the human side of information integrity including booboos, blunders and gaffes;
  28. Human factors - the human side of information security covering security awareness and culture, policies, social engineering scams and frauds, phishing, whaling and more;
  29. Identity theft - stealing and faking credentials, phishing, impersonation and fraud;
  30. Incident management - the cyclical process for identifying, reacting to, containing, resolving and learning from information security incidents;
  31. Industrial information security - information risks and security controls relating to industrial IT systems controlling factory machines, equipment and plant, microcontrollers and critical national/corporate infrastructures;
  32. Information protection - obligations to protect information, plus classification and baseline security controls; 
  33. Information risk management - processes to identify, examine and treat the full spectrum of information risks, in the context of corporate risk management as a whole and information security specifically;
  34. Information Security 101 - a general, multi-topic starter module covering the essentials of information risk and security, privacy etc.  Designed for new employee orientation and to launch (or re-launch!) security awareness programs;
  35. Innovation - discusses the risks and controls associated with the process of creating and exploiting intellectual property, ranging from classic inventions to novel black- and white-hat tools and methods;
  36. Insider threats - concerns information risks involving employees (staff and management) and third-party employees working for/within the organization in a similar capacity (contractors, consultants, temps etc.); 
  37. Internet security - from web surfing to eBusiness apps, social media and cloud computing, this module covers one of the hottest and riskiest areas of information security;
  38. IoT (the Internet of Things) security - also known as the Insecurity of Things and the Internet of Threats;
  39. IP & IPR (Intellectual Property Rights) - protecting and exploiting the organization’s rights and interests, while also respecting others’;
  40. IT auditing - understand what makes IT auditors tick, what they do, and how to work with them more effectively;
  41. Knowledge - protecting intangible information assets and intellectual property;
  42. Learning from information security incidents - improving security in response to incidents that may or may not involve the organization directly, plus near-misses;
  43. Lo-tech infosec - concerns those important parts of information security that lie beyond IT-security or cybersecurity;
  44. Malware - awareness is a critical control against computer viruses, worms, Trojans, keyloggers, Advanced Persistent Threats, spyware, rootkits, multifunctional and embedded malware, ransomware, cryptomining malware and other nasties;
  45. Network security - all manner of information security issues arising from networking, internetworking, communications, liaisons, collaboration and social interaction, VOIP, VPNs, IoT, BYOD, mobile working ...;
  46. Outsider threats - concerns malicious outsiders such as hackers, plus other external threats such as compliance enforcement and natural disasters;
  47. Oversight - ‘overseeing’ things is an almost universally applicable control, a fundamental principle with value in myriad situations (this month's hot topic; module completely rewritten for Dec 2018);
  48. Passwords - concerns credentials used for identification and authentication of people, including passwords, passphrases, two-factor authentication, biometrics and so forth;
  49. Permissions - including but extending well beyond rights and privileges;
  50. Phishing - a significant modern-day threat that involves email security, credentials, identification and authentication, social engineering, malware, fraud, identity theft, ethics and more.  Awareness is a vital control;
  51. Privacy - protecting personal information, respecting individuals’ privacy rights and expectations;
  52. Physical security - protecting information assets (including people) against physical threats such as unauthorized or inappropriate physical access, fires, floods, and various workplace hazards;
  53. Portable devices - security of laptops and other portable/mobile ICT devices, touching on BYOD and home working/teleworking;
  54. Ransomware - malware that holds computers and data to ransom; 
  55. Secure-by-design - making information security an integral part of systems and processes from the outset, including security architecture and the concept of fail-safe/fail-secure design;
  56. Security culture - recruiting the entire workforce to Information Security is great in theory, tough in practice.  This module appeals to management, in particular, to demonstrate leadership in this area;
  57. Security frameworks - adopting security standards, complying with laws and regulations and structuring a suite of policies and procedures;
  58. Social engineering - the only practical way to tackle this growing threat is to ensure workers are well aware of the issues, motivating and guiding them to think critically, spot and resist attacks;
  59. Social insecurity - combines social engineering with the security aspects of social networking and social media, including 419 and lonely hearts scams, spear phishing, inappropriate online disclosures and insider threats;
  60. Social media - covers the security hazards associated with LinkedIn, Facebook, blogging etc.;
  61. Surveillance - widespread in public, corporate and personal domains, surveillance is both a valuable monitoring control and a privacy/human rights concern depending on your perspective; 
  62. Survivability - tackles the extreme end of risk management, incident management and business continuity;
  63. Tools and techniques - supporting and enabling information risk and security management;
  64. Trade secrets - a spectrum of activities from legitimate market research and competitive intelligence through to unethical if not illegal industrial espionage and information warfare;
  65. Trust and ethics - trustworthiness depends on the trusted party’s ethics, making this an important - if unusual - information security awareness topic;
  66. Workplace security - is there any such thing as the ‘typical’ workplace these days?  The information risks and security controls are as varied as the places and ways we work. 

Does your security awareness and training program cover hot topics such as IoT, phishing, business continuity and cloud?

Look at your program or ask any of our competitors about the breadth and depth of theirs, and think about it. There’s much more to explore besides phishing, important though that topic undoubtedly is. Aside from anything else, it’s boring to cover the same old same old.

To be fair, information security doesn’t fall neatly into discrete categories - there is cross-over and common ground between many topics ... which our audiences will hopefully recognize: we’re aiming for a broad all-encompassing view taking in information risk, information security, cybersecurity, privacy, governance, compliance and more, all within the corporate business context.  Fostering the corporate security culture is the long term objective.

 

We work on a rolling plan going forward three months at a time. While busily preparing the next month’s module, we’re also scoping, researching and thinking about those that will follow. Get in touch to find out what’s coming up. We keep our plans flexible in order to respond both to new issues as they emerge and to customer suggestions. So how may we help you?  What are we missing?


Copyright © 2018 IsecT Ltd.