 |
|
|||||||||||||
|
||||||||||||||
|
||||||||||||||
|
|
|
|
|
|||
 |
|||||||
 |
|||||||
|
|
|||||||
|
The links collection and blog are not the only pages that change often on this site. As you’ll see from the website history below, both the NoticeBored products and this website are constantly evolving. We are proud of our record of innovation, finding new ways to make security awareness more interesting and effective. Check this page to keep up with developments and by all means get in touch if you have input that would help us retain our creative edge in this competitive market. Take the lead with NoticeBored and leave our competitors for dust.
|
 |
December 2007 - social engineering
Released the module on social engineering, one of our ‘core modules’ that we believe every information security awareness program should cover, though not all do. Also fixed some broken links. Added a customer endorsement from Alliance Data (thanks Shannon!). Added a quotation to the induction module page.
November 2007 - security compliance & revised induction module
The ‘laws, regs and standards’ module has a new name: security compliance. Published the 2008 awareness calendar and a fully revised and updated induction module (a free bonus to NoticeBored licensees).
October 2007 - physical [information] security
My how time flies when you’re busy! Is it really three years since we last released a module on physical security and environmental protection of information assets? Definitely high time for an update. The module has swelled to over 80Mb of rich content. Publishing it took about 6 hours due to lightning storms constantly interrupting our satellite link - lightning being just one of many issues covered in the module. Uploaded a sample of our new security awareness tests. Added new quotes here and there, including one from the venerable Donn Parker on the need for motivation not just awareness. Linked to a podcast on security awareness by Watchfire’s Scott Pinzon.
September 2007 - email security
Released an updated module on email security. The recent STORM worm/malware emails remind us to be on our guard when reading the mail and there are many other email security issues to beware of. As the NZ dollar is falling, so are our prices for customers based overseas. Quoted from an ITCI report on accountability to explain how NoticeBored’s management stream helps managers ‘look smart’ in front of employees. Updated the business case for security awareness. It has stood the test of time well but has been updated with a longer list of awareness topics etc. Updated the policy manual description to explain more about what it is. It’s a fabulous time saver! Why suffer disjointed and incomplete IT security policies when salvation is less than US$300 away? Found time to start Spring-cleaning the links collection. It’s a rotten though necessary job but it will take a while to find and clear out all the junk.
August 2007 - trade secrets
Another brand new awareness module about protecting trade secrets against industrial espionage. Reduced the price of the generic information security policy manual to US$295. Published a review of Lessons Learned in Software Testing.
July 2007 - User authentication
Released an updated module on user authentication. To celebrate this 50th NoticeBored module, announced a special discount offer for new subscribers. Added a pertinent new quote to the white paper on creating a security culture. Revised the information security policy manual. Reviewed The Insider and Corporate Espionage books. Sorted out the links collection and fixed a metric tonne of broken links. Thanks to the surging NZ dollar and falling income from export orders, we have regretfully had to announce increases in our US$ prices. Sorry but it’s not our fault the NZ economy is so strong (OK, maybe it is!).
June 2007 - privacy and data protection
Released a revised module covering privacy issues and data protection controls. Also noted our invitation to present on security awareness at Oceania CACS in September. Reviewed Zen and the Art of Information Security, reviewed two IDEO books on innovation and Net Crimes & Misdemeanors. Revised the About NB pages to emphasize the monthly topics and distinct streams of material for the three audiences. NoticeBored is four years old this month!
May 2007 - insider threats
Released a brand new insider threats awareness module. Prompted by a comment from a Forrester Research consultant, published a profile of our customers. Reviewed an Insider Threat book - not one we’d recommend, I’m afraid.
April 2007 - network security
Released the network security module. Finally made time to publish the promised review of Know Your Enemy. Also reorganized the freebies (white papers etc.) and book reviews pages and updated some quotations in the links collection.
March 2007 - malware
Released an updated module on viruses, worms, Trojans and other nasties. Also published a review of Google Hacking and reorganized the book reviews and white papers. Updated the policy manual page and gave a glimpse into our passionate world of security awareness.
February 2007 - database security
Released a completely new awareness module on database security. Updated our white paper on the value of security awareness. Added module listings to the module listing (!). See what you missed! Made various updates to the links collection.
January 2007 - intellectual property rights
Published an updated module on IPR covering copyright, patents, trademarks etc. Reviewed an $8 computer security employee awareness booklet. Quoted the late great Laurie McQuillan CISSP on the risks links page. Uploaded two more samples of our wares. Published a harsh but fair review of Enemy at the water cooler. Quoted (ISC)2’s John Colley on the About NB page. Updated the CISSPforum FAQ a little.
|
December 2006 - social engineering
Released the module on social engineering, one of the core topics since security awareness is such an important control against this form of attack. Split the long awareness posters page into separate pages for each month making it easier to browse the collection. Published our customary security awareness calendar to herald the arrival of another year. Clarified the pricing and added a nice box shot to the NB price page. Updated the NB benefits page with a section on the security awareness toolkit.
November 2006 - accountability and responsibility
Released the module on accountability, responsibility, information asset ownership and related concepts. Knocked US$100 off the price of our generic information security policy manual. Made a security awareness presentation on social engineering to a meeting of the NZCS ISSIG and ISACA in Wellington, New Zealand, on Computer Security Day (Nov 30th). Moved office again, this time to Wanganui, New Zealand. Contact details and NB product data sheet updated.
October 2006 - IT incident management
Published the awareness module on notifying, responding, resolving and learning from information security incidents. Updated the NoticeBored samples with PDFs of the complete module on identity theft. Published the CISSPforum FAQ. Combined the ‘ownership of information assets’ links collection page into the accountability, roles and responsibilities page since they are so closely aligned and are covered together in next month’s module. Added a new page describing the back catalog, a whole library of creative materials to supercharge your security awareness program.
September 2006 - portable IT security
Released a revised module on security for portable/mobile computing, teleworking and wireless networking. Used the ‘unconscious competence’ psychological model of learning to explain our approach on the About NB page. Uploaded more samples including a more or less complete set of materials from last month’s identity theft module and samples of two new format deliverables - procedures and take home messages. Spring-cleaned the freebies area.
August 2006 - identity theft
Released a new awareness module on identity theft, covering issues relating to remote user authentication, IT fraud etc. Republished our 7 myths about security metrics paper (as published by ISSA Journal).
July 2006 - resilience and DR
Two new types of awareness material (a hyperlinked glossary and a paper about metrics for resilience and DR) graced July’s NoticeBored module. IsecT and NoticeBored have been endorsed by ENISA in a paper for SMEs about building security awareness programs. Added yet another quotation to the Why awareness? white paper. Minor rewording of the privacy policy e.g. to refer to New Zealand’s Privacy Act. Updated the NB product data sheet. Information security policy manual released, based on ISO/IEC 17799:2005.
June 2006 - email security
Released an updated module on email security, marking our third anniversary for NoticeBored (and still the creativity and innovation continue!). Reviewed Alan Calder and Steve Watkins’ book IT Governance - A Manager’s Guide to Data Security and BS 7799 / ISO 17799. NoticeBored is three years old this month.
May 2006 - security-SDLC integration
Released another innovative awareness module - a ‘marketing brochure’ to explain information security to development project managers, software developers etc. This was a special security awareness module on an extremely important issue yet one few security awareness programs ever cover. Uploaded thumbnails of our new style security awareness posters.
April 2006 - keeping secrets
No April fool this year, just solid meaty content on the topic of keeping secrets (confidentiality and privacy). Interesting quote from E&Y on the value of security awareness included in our evolving white paper. Our white papers and the PDF versions of our newsletters are now covered by a Creative Commons license.
March 2006 - malware
Released an updated and extended module on malware. Minor update to the True value of security awareness white paper.
February 2006 - Bugs! & updated security induction module
Delivered the NoticeBored module on Bugs!, the last of the original planned sequence of awareness topics. Announced the availability of a ‘library’ containing all 600+Mb NoticeBored awareness materials delivered to date. The induction module has been updated and expanded. Revised the page listing NoticeBored topics. Published our review of the CISO Handbook. Recommended for CISOs or others building security improvement programs. Added a succinct definition of social engineering by a certain Mr. Mitnick.
January 2006 - third party security
Added a brief note about the broad range of NoticeBored customers. Information security awareness may be a niche product but it sure has a wide appeal. Published a review of Rebecca Herold’s excellent book on Managing an information security and privacy awareness and training program. Unreservedly recommended .
|
December 2005 - social engineering
Published the social engineering module in time for the run up to Christmas, a busy time for social engineers (including all three-year-olds). Repaired some broken links on the NB sample page and uploaded a crossword sample. Published our calendar. Enjoy! Also published new NB samples - a technical security awareness presentation intended for IT professionals and a typical management presentation. Help the boss understand what you’re always going on about! Published our review of Spies Among Us. Spent a few tedious hours weeding out broken links from the links collection.
November 2005 - secure software development
Published a review of Spreadsheet check and control - highly recommended. Spent hours hunting down and eliminating broken links from the NB links collection.
October 2005 - IT Operations
Having successfully relocated the NoticeBored office to New Zealand, site and links maintenance recommenced after a short hiatus. Updated the ‘office clock’ on the contact us page in the forlorn hope of avoiding calls from Europe and the States in the middle of our night ...
September 2005 - authentication
Added some NIST SP references on the value of security awareness page. Referenced our ISO27001security website under the laws, regulations and standards links collection. Updated the value of security awareness and 7 steps to security awareness white papers.
August 2005 - change management and security induction module
Released a standard NoticeBored security awareness module on change management and a special bonus module for security induction training. Completely re-wrote the white paper on NoticeBored and ISO/IEC 17799, BS 7799 and ISO/IEC 27000-series standards. Published a review of Tim Layton’s book on information security awareness.
July 2005 - the hacking threat and crisis management special
Referenced Mich Kabay’s seminal paper on the psychological aspects of information security awareness, added further quotes to our Why do we need/value of security awareness white paper and provided a PDF version for easier printing. Published a special mid-month bonus NoticeBored security awareness module on crisis management and contingency planning, inspired by the amazing London emergency services’ response to the bombs of July 7th.
June 2005 - Email security
Launched Global Security Week. Referenced the 2005 Deloitte and AusCERT security surveys in Why do we need security awareness? Published our Seven Steps to Security Awareness white paper. NoticeBored is two years old this month!
May 2005 - risk management
Noted the new mind maps and awareness survey deliverables on the NoticeBored features page.
April 2005 - IT governance
Republished the Build your own security culture presentation because visitors are still looking for it. Published an IT Governance book review. Updated the Why do we need/value of security awareness white paper.
March 2005 - malware
Added a glowing customer endorsement to the page suggesting how customers might use NoticeBored. Published a short review of a neat little awareness book You Are A Loser. Added a quotation from Harris Miller to our piece on why we need security awareness. [Some enterprising customers are using this piece plus our business case for an information security awareness program to justify a budget line item for a security awareness program. Good luck to ‘em!].
February 2005 - information security management
Added a brief single-screen About NoticeBored. Launched a conventional blog to document additions to the NoticeBored links collection.
January 2005 - IT auditing
Checked/updated all 900+ links in our links collection. Published a white paper on physical and environmental security for datacenters. Commented on competitors introducing curiously similar awareness services, albeit some 18 months after we launched NoticeBored ;-) Updated the NoticeBored overview/product information sheet.
|
December 2004 - IT laws, regulations & standards
Updated the NB topics page to reflect the repetition of core infosec topics on a quarterly basis. Re-sequenced the links collection pages alphabetically by topic.
November 2004 - physical IT security
Tried a ‘dialog’ facility on the home page - this was later dropped due to a rush of apathy.
October 2004 - incident management
A dramatic new module maybe but certainly no crisis.
September 2004 - accountability & responsibility
Updated the Why awareness? paper. Updated the NoticeBored samples with current formats. Added links to related topics at the bottom of each page in our links collection.
August 2004 - social engineering
Intranet-based information security policy management tool launched.
July 2004 - wireless networking security
Released awareness module on wireless networking as a “special”, an extra topic inserted into the planned cycle. The links collection was thoroughly checked and updated. Added a Hinson Tip to the Phishing page.
June 2004 - contingency planning
Published future plans and other information on the upcoming awareness modules. NoticeBored is one year old this month!
May 2004 - privacy and data protection
Made further updates to the NoticeBored samples to demonstrate the range and format of current deliverables. Introduced a ‘proper’ managed facility for people to subscribe to the free monthly NoticeBored newsletter.
April 2004 - email security
Website privacy policy updated with a more complete formal version here.
March 2004 - IT-related fraud
Issued a spoof press release on ‘global no-email day’ for April 1st.
February 2004 - Internet security
Updated the business case paper. Uploaded older newsletters for download.
January 2004 - intellectual property
Added a phishing alert page with an offer of four free phishing awareness posters available through the updated contact page. Added new samples of our security awareness posters.
|
December 2003 - ownership of information assets
Documented the need for security awareness. Released a generic business case for an information security awareness program. Uploaded some new NoticeBored samples.
November 2003 - mobile computing and teleworking
Published a white paper showing how NoticeBored topics relate to ISO/IEC 17799 sections and a site map.
October 2003 - integrity
Published a white paper on Human factors in information security. Launched the free monthly NoticeBored newsletter.
September 2003 - availability
Released this module a month earlier than planned to coincide with news of Blackout 2003 and widespread power cuts in London.
August 2003 - confidentiality
Awareness module on confidentiality, one of the fundamental tenets of information security.
July 2003 - malware
NoticeBored service officially launched. Our first security awareness topic was malware (viruses, worms and Trojans) - a topic we have covered several times since.
June 2003 - NoticeBored security awareness launch
Announced the NoticeBored service, registered and launched this website. After an 18-month gestation period researching, designing, developing and preparing the NoticeBored concept, we finally hit the Web at the end of May 2003.
|
|
|