NoticeBored’s unique approach

We know NoticeBored is not your only option. What sets us apart from more traditional approaches to security awareness and training is that we are setting the benchmark, constantly innovating and finding novel ways to make employees aware, motivating them to change their behaviors, fostering your organization’s security culture in order to secure valuable business benefits.


Here’s how ... in black and white ...

Compare NoticeBored with more traditional alternatives

Traditional approach


Either do nothing at all (!), or maybe run an annual “awareness training session” (typically a lecture at staff by management)

Inform and motivate staff, managers and professionals through multiple formal and informal communications channels and mechanisms running in parallel all-year-round

Pin corny posters on staff noticeboards ... and leave them there indefinitely, gradually becoming boring, stale, faded, dog-eared and, frankly, lame

Circulate fresh awareness content every month in a range of formats (including new posters!) so there’s always something interesting and relevant to catch the eye

Cover security issues that are so last-year

Pick up on topical news and events more or less as they unfold; find out how to deal with emerging issues, novel threats and vulnerabilities, today’s challenges and opportunities

Get the go ahead, develop the awareness materials
and eventually launch the awareness program ... but then rapidly run out of steam due to the lack of forward thinking

Launch the program now! Quickly establish a high level of awareness and keep it rolling forward indefinitely, drawing from the flowing stream of creative energy

Attempt to cover a confusion of issues all at once,
superficially due to time and budget constraints

Stick to a single, relevant information security topic each month, seizing the opportunity go into more depth as appropriate
to each audience

Barely cover the basics such as phishing

Cover ~70 topics from different perspectives, reflecting current information risks and topical security issues

Address compliance obligations - no more, no less

Broaden the outlook beyond legal and regulatory compliance to take in good security practices from across the globe plus strategic and tactical objectives from within the corporation, including corporate policy and contractual compliance

Broadcast management edicts and security instructions at staff

Encourage feedback and interaction from employees.  Actively engage with them - dialog not monologue

Deliver a random assortment of confusing and sometimes contradictory messages, written by a variety of authors with differing styles, preconceptions, knowledge and objectives

Integrate the awareness materials into a coherent, consistent, high quality and instantly-recognizable branded campaign

Think of “security awareness” and “compliance”
as an end in itself

Understand that awareness & training is merely a means to an end: the real objective is to create genuine behavioral changes that cut costs, increase assurance and enable the business to do things that would otherwise be too risky

Tell staff to comply with the rules for information security defined by management ... “or else!”

Help everyone (managers, staff and professionals) understand their respective security obligations; explain the security rationale; offer practical and relevant guidance in their own terms and familiar language

Try to sack those who break the rules but run into trouble with the lawyers or unions because “the rules weren’t clear” or they “aren’t enforced consistently”

Markedly improve security governance; ensure that everyone, at all levels, is aware of and understands their obligations; hold people personally accountable for their actions and inactions

Send staff away on expensive security training courses and awareness events with no follow-up

Raise security awareness without interrupting normal work; encourage people to seek out and explore additional informative resources on their own time and initiative - as much pull as push, carrot and stick

Be boring, tedious, generally irrelevant and widely ignored

Be creative, interesting, engaging, novel, relevant, occasionally challenging and provocative - even fun! Laughs permitted!

Communicate either in a formal, stuffy and stilted style, or else a superficial, rather offhand style using childish cartoon graphics and weak jokes

Use a full range of formal and informal communications styles and methods to suit the various adult audiences and messages, maintaining a professional business-like approach throughout

Employ cybersecurity professionals (if they have the time and competence) or costly technical authors (trained to write technical manuals in a technical style) to write information security materials for everyone

Utilize the services of professional authors, well-qualified and experienced security awareness specialists, creating creative materials to a consistently high quality standard for specific audience at a fraction of the cost

Aim the security awareness materials squarely at “end users” (meaning IT users), more-or-less completely ignoring other audiences throughout the organization

Engage people - all employees, not just computer users, at all levels - through an inclusive program giving appropriate guidance meeting their particular information needs

Cover just the essentials - the bare minimum requirements only

Cover the basics thoroughly, plus topical information security, governance, information risk, compliance, privacy, business continuity and related subjects

Rely entirely on online training

Supplement online/electronic delivery with a wide variety of awareness activities and techniques, exploiting social media and corporate social networking opportunities for face-to-face interactions between people

 Blindly hope that awareness messages will all sink-in and register

Measure awareness objectively through surveys, tests and metrics, using the data to fine-tune the awareness program month-by-month, quarter-by-quarter and year-by-year

Promise quick results from the awareness program and disappoint management when things don’t improve as fast as you’d hoped

Anticipate that genuine cultural change is a slow process; lead management and staff on the same journey to enlightenment

Pick someone junior from Information Security or Training to design and run the program, or “get someone in”

Draw on the professional expertise and energy of experienced security awareness and training specialists without the overheads and costs of recruiting, employing and managing them

Run the program purely as an internal IT activity
involving limited in-house skills and resources

Tap into resources and expertise throughout the organization such as Information Security, Site/Physical Security and Facilities, HR, Risk Management, Audit, Legal and Compliance and, yes, IT; treat information security as first and foremost a business issue.
TIP: it’s not not just about the technology.

We don't follow trends - we set themIn relation to setting the benchmark , some of our inventions, including concepts that have been central to the NoticeBored approach since 2003, have since mysteriously found their way into competitors’ offerings. They say imitation is the sincerest form of flattery, so we consider ourselves duly flattered! Nevertheless, we prefer to lead than to be led. We don’t follow industry trends so much as set them. Originality and quality will always define our products and differentiate us from the pack. We continue to innovate at every opportunity, frequently introducing new awareness topics and different types of engaging and creative awareness material. If you have a novel or unusual security awareness idea, get in touch.  Let’s talk.  Together, we can bring good ideas to fruition.

HomeAbout NBWhat we achieve together > Unique >

Copyright © 2019 IsecT Ltd.