Frequently Asked Questions about SecAware

What's wrong with creating my own awareness & training content?

Nothing, provided you have the capability and resources to do so. However, it's harder than it seems to prepare effective awareness and training content. There's both art and science to it. It's not just a matter of assembling a random assortment of stuff grabbed from wherever. Telling people what not to do, and warning them about dire consequences if they do, may not be the most sensible approach. This is adult education on a complex and largely technical topic, with a diverse audience for whom the topic is perceived as peripheral or irrelevant to their lives and jobs. Frankly, even spelling and grammar are challenging for some awareness authors, let alone motivational text and compelling graphics!

Can't I just get free stuff off the web?

You can ... but ... be careful about copyright. Respecting Intellectual Property Rights is just one of the things your colleagues need to understand: 'do as I say, not as I do' is a poor way to teach or tell. Much of the genuinely free content out there is of low quality - often inadequately researched, poorly written, scrappy and badly out of date. Some of it is misleading, or plain wrong (e.g. instructions to change passwords regularly). Using free/cheap-n-nasty stuff betrays your organization's lack of concern for information security, sending out a powerful but distinctly negative awareness message, quite the reverse of what you intend. Besides, our stuff is priced realistically. We honestly believe we offer the best value in the market, by far. See what you think.

We only need the basics. What use is the rest?

The basics are a great place to start - start being the operative word. If your awareness and training only covers the basics, you are missing out on the business benefits of a security aware workforce, a "security culture". Worse still, your organization is not just facing basic threats: if you have any kind of Internet connection anywhere in the organization, you are exposed to the entire world. If you have valuable trade secrets and sensitive personal information to protect, the basics definitely won't suffice. If you depend on information (with or without IT), you are hanging by a thread above the Pit Of Disaster with only basic security in place, including minimal security awareness.
By all means start simple and grow it from there, but don't hang about.

Does your content cover regulation 12345 part 6 article 7 clause 8.9.10a?

If it relates to information risk and security, almost certainly yes ... but probably only in a general way: with a few exceptions (such as GDPR) we deliberately shy away from focusing on specific laws and regulations for two key reasons:
(1) We are not lawyers. We are not competent to advise on specific legal and regulatory matters. We are not paid nearly enough to provide that kind of specialist service.
(2) Globally, there are so many laws and regulations, plus rules and accepted practices and professional guidelines and contractual clauses and so forth that impinge in some way on information risk and security that we cannot possibly be familiar with them all. Our customer base is international. We stick to principles that apply more or less universally.
(3) [Free bonus reason] You are actively encouraged to elaborate on the SecAware content to suit your specific requirements. We provide the prompts, the inspiration to set you going, but it's up to you to 'make it yours' ... with the huge advantage that you know what matters to your business, here and now. We have no clue. Done properly, customization is more than just re-badging our stuff, replacing our logo with yours: we want you to draw out points that resonate with your audiences, that make sense to them and motivate them to behave securely. We'll do all we can to support and enable you to do that - taking away the drudgery of researching and preparing top quality awareness and training content for instance.

Can you cover a specific topic for us?

Yes. Please tell us what you're after. With gigs of content on hand, we probably already have relevant security awareness and training content unless your topic is highly specific or obscure ... in which case we can prepare fresh materials for you. Let's talk!

Do you maintain the content?

Not exactly. Once you have purchased and downloaded materials from this website, we are unable to maintain them for you. We no longer even have access to or control over them, assuming your security controls are effective anyway! However, you will find new and updated materials released here from time to time. And you can always engage us to develop fresh materials for you on a consultancy basis. Please visit for details.

Our ISMS IT system includes documentation: why would we need more?

The built-in content may be sufficient ... but we can do better. We've been working with the ISO27k standards since the 90's, preparing information security strategies, policies, procedures, awareness and training content all that time. Our breadth and depth of experience is unparalleled. The documentation provided with several commercial ISMS systems and services, even some ISMS toolkits, is generally basic and limited. Aside from poor grammar and phrasing, the materials have typically been prepared by technologists with a narrow perspective on the field. We understand that information security and privacy are more than just compliance imperatives: there are business objectives to both protect and exploit information, hence a balanced view is essential.

