IT Security Awareness

Castleforce are partnered with ISECT Ltd and resell their Noticebored Security Awareness material to provide an innovative information security awareness content service. 

We supply security awareness materials for your staff, managers and IT professionals, covering a fresh security topic each month. You can use our high quality, engaging materials and bags of creative energy to kick-start your information security awareness program, and build a genuine, widespread and deep-rooted security culture by:

  • Informing employees about current information security risks, illustrating them through topical news stories about real-world incidents;
  • Providing, explaining and promoting commonsense security policies, standards, procedures and guidelines, incorporating and describing a broad range of good practice security controls;
  • Describing information security roles, activities and obligations, promoting accountability and responsibility, and promoting compliance as something that benefits both the individual and the organisation;
  • Encouraging employees to think and talk about information security;
  • Gaining employees’ active participation in the organisation’s security infrastructure, going beyond simply ‘being aware’ by motivating employees to act more securely;
  • Measuring progress on security awareness - testing knowledge, comparing parts of the business and generating metrics to drive security improvements;
  • Most of all, making information security a subconscious habit - ‘the way we do things here’.

Noticebored are proud to have been acknowledged as a “best practice expert” in security awareness by ENISA, the European Network and Information Security Agency, alongside Gartner no less. The Noticebored Business Case for an Information Security Awareness Program contributed to ENISA’s Users’ Guide: How to Raise Information Security Awareness. The Users’ Guide expands considerably on our white paper with helpful advice to small companies on how to plan and establish security awareness programs.


Information security topic coverage

The complete portfolio of NoticeBored modules covers around 30 different information security topics. Most modules are refreshed/updated and reissued every three years or so with four core topics and the induction module being revised annually. The scope and contents of each module are derived from sources such as ISO/IEC 27001 and 27002, ITIL, COBIT, the Information Security Forum’s Standard of Good Practice, information security coverage in the professional news media and our own professional experience.

Here is the current portfolio of modules:

  • Accountability and responsibility - examines, explains and contrasts these two commonly misunderstood concepts in the context of information security;
  • Authentication and identity management (core module) - everything from choosing strong passwords to phishing, two factor authentication, biometrics, identity theft and access control;
  • Bugs! - errors in program specification, design, coding or configuration by software development professionals and end-users can create security vulnerabilities;
  • Change management - covers information security aspects of IT-related changes including patching, testing, configuration management and implementation of “IT projects”;
  • Compliance - fulfilling obligations under IT/information security-related laws, regulations, standards, policies, procedures and guidelines including issues such as copyright, privacy, ISO/IEC 27000-series, ITIL etc.
  • Computer auditing - understand what makes IT auditors tick, what they do and how to work with them most effectively;
  • Contingency planning - planning for success by preparing to cope with the worst - includes business continuity, resilience and disaster recovery;
  • Database security - securing large collections of valuable data against hackers, corruption, loss etc.;
  • Email security (core module) - risks relating to the receipt and sending of electronic mail including malware, defamation, phishing etc.;
  • General security awareness - our first module described security awareness tools and techniques. This module subsequently became the induction module intended for new employee orientation;
  • Hacking - tips to counteract hackers, crackers, industrial spies, fraudsters, criminals and other adversaries, being primarily but not exclusively outsiders;
  • Incident management - the process around reacting to, containing, resolving and learning from information security incidents;
  • Information security management - roles, structure and reporting lines for the security management function and its relationships with others;
  • Information security risk management - explains the processes of analyzing and managing risks;
  • Insider threat - covering the security threats represented by employees and others working in a similar capacity;
  • Identity theft - based on the authentication and password modules, this one focuses specifically on identity theft risks and controls;
  • IT governance - controlling and minimizing IT risks forms an integral and vital part of corporate governance;
  • IT-related fraud - phishing, identity theft and other forms of fraud committed using IT systems and networks;
  • Keeping secrets - all about keeping sensitive corporate and personal information confidential;
  • Malware (core module) - viruses, worms, Trojans, key loggers, spyware, rootkits and more;
  • Mobile and home working - information security considerations for road warriors & those working from home;
  • Network security - all manner of information security issues linked with networking in general and the Web and wireless networks in particular;
  • Network & systems management - processes for securely installing, configuring, monitoring and managing IT;
  • Office information security - a range of security topics associated with the average office or workplace;
  • Passwords & biometrics (core module) - presents advice to staff on choosing stronger passwords, coupled with advice to managers and IT on choosing better user authentication mechanisms;
  • Personal data protection and privacy - focuses specifically on protection and privacy issues relating to data about living individuals (Personally Identifiable Information or Personal Data);
  • Physical security - protecting the facilities against unauthorized access, fires, floods, overheating, power disturbance, lightning ...;
  • Secure software development - integrating security with the system lifecycle from specification and design through to testing and configuration;
  • Social engineering (core module) - the only practical way to tackle this threat is through genuine security awareness;
  • Third parties - information security issues resulting from the increasing interconnectedness of modern organizations;
  • Trade secrets - covering a spectrum of activities from competitive intelligence to information warfare.

Noticebored put a lot of effort into researching and staying abreast of the very latest information security advances, threats and controls. When the technologies and approaches mature enough to enter the mainstream, they either update and reissue existing modules or prepare brand new ones. In this way, NoticeBored is constantly evolving.


Price ... or rather value

An information security awareness program is the most cost-effective information security investment you can make. Stretch your limited information security and training budget even further with NoticeBored. The price reflects the size of your organisation, measured by the total number of employees in your organisation.

Noticebored Price List

NoticeBored price pledge

We offer market-leading prices for small to medium-sized organisations and substantial volume discounts for larger ones. We will beat any genuine like-for-like competitive quotation. Go ahead, check out our competitors and put us to the test. We welcome the chance to bid for contracts of any size or organisation: private sector, government, education, charities, utilities ... whatever.


Hosted IT Security Awareness Training also available

Castleforce help deliver the Noticebored security awareness material in an online training format that can be used to strengthen awareness and confirm understanding of policies and practices.

The online training is delivered by Bizzybit who have a great deal of experience partnering with Local Authorities in the UK to produce effective training materials, delivered using their powerful eLearning tool.


Castleforce IT Security Training


Security-awareness programs have the highest payback compared with almost all other countermeasures. When the people in your organisation become truly security conscious, they will come up with countermeasures that never occurred to you.

Quote from 'Spies Among Us' by Ira Winkler.


The Business Case for an IT Security Awareness Program

Dr Gary Hinson BSc PhD CISSP CISM CISA MBA has developed the following white paper, which documents the Business Case for an IT Security Awareness Program and clearly identifies the need for and justification of such measures.

Business Case for Information Security Program


Technical requirements:

  • An Internet connection capable of downloading the latest electronic delivery modules each month (approximately 30 Mb each) in a reasonable timeframe
  • A computer system capable of storing and editing the awareness materials (such as a standard PC or Mac)
  • File compression software to unpack the .ZIP files used for delivery
  • Suitable editing and presentation software (we recommend a recent version of Microsoft Office Professional with MS Word, MS PowerPoint and MS Visio, plus your choice of image editing software capable of reading .JPG files; all NoticeBored materials are supplied in industry-standard file formats)

Other requirements:

  • Genuine management support for information security (this is not optional!)
  • A few man-hours of effort per month to select and if necessary edit the awareness materials
  • Some man-hours to deploy the materials to your employees, for example through your email system, intranet, on paper and/or in person (presentations, team briefings, seminars etc.)
  • More man-hours to respond to managers, staff and IT professionals requesting more information on the awareness topics, to run security awareness competitions and to track employee awareness metrics using survey forms (provided) or other tracking techniques