What is this?

Funnies for your security awareness programs. That’s it. We provide content and you can do what you want with it. You can e-mail it, post it on your intranet, make posters out of them – it’s entirely up to you. Even if you do weekly ‘campaigns’ then you have enough content for years without having to repeat any content. New content is also being added all the time.

Why Comic strips?

Employee attention spans and retention is notoriously low for awareness material. No one has time nor the inclination to read any company security policies or even long e-mails about what our security responsibilities are. On top of this, studies have shown that violence, humour and sexual content are typically retained as everyone can relate to them. In the workplace, the only (usually) permitted content is humour.

A comic strip ensures an employee can read it (it takes between 10-15 seconds) and they retain it (hence the element of humour). Adding a visual aspect also ensures they are catchy and more likely to be seen that a giant list of bullet points of things they should be doing.

How is content organized?

Content is divided into 5 categories:

  • Data Protection and Compliance – Topics covered here include data privacy and compliance frameworks, such as PCI-DSS, ISO27001, GDPR and more. You’ll also find Business Continuity here.
  • Workstations and Devices – This section covers employee workstations, mobile devices and acceptable use issues. It also covers password use and access control issues.
  • Social Engineering and Incidents – This category covers social engineering attacks such as phishing and vishing, and deals with incidents and incident response.
  • Industry, vendors and misc – This category covers the craziness of the infosec as a whole and other topics that don’t fit into any of the above categories
  • Videos – We have started producing video content and you’ll find that in this category

All usage is unlimited as long as you leave the copyright notification intact and don’t modify content in any way.

Can this help me with PCI-DSS and ISO27001 compliance?

Absolutely. PCI-DSS requirement 12.6 and ISO27001 7.2.2 all revolve around information security awareness. The message you send in your campaigns being entirely up to you, as long as you supplement each comic strip with a relevant message, then retention will be high and this will ensure you meet the compliance requirements of your various frameworks.

Can you e-mail out the awareness campaigns for us?

This is not a service we provide (yet). The catalogue of content at your disposal is for you to build your own security awareness campaigns, which we believe can be done quite quickly and easily if you use things like e-mail and / or have a company intranet. There’s a few pointers on how to build your awareness campaign in the content section.

Is this free?

Yes, just credit us if you put some of our content into your presentation or awareness training.

Can we modify the comic strips ourselves?

No. They are provided as is and must be used as such in awareness campaigns with the copyright intact.

Do you provide them in other languages?

This is definitely planned, and we’ll eventually release multi-language options for each comic strip.

What if I have an idea for a topic or issue I’d like you to tackle?

Feel free to send along any ideas or topics that haven’t been covered or if there’s something you’d like to see we’ll do our best to add them to the catalogue. Just send an e-mail to contact ‘at’ scrytap.com