Tom Peltier discussed “Selling Information Security” at last month’s Detroit ISSA chapter meeting. Mr. Peltier illustrated the communication gap between business and technical stakeholders in an organization. His suggestions on bridging the gap centered on selling security to the management team. Central to his message was the security practitioners’ responsibility to understand their customer’s business.According to the Ernst & Young 2008 Global Information Security Survey, the link between information security and brand equity is recognized by a growing number of companies. 85% of the 1,400 respondents cited damage to corporate reputations and brands as a key motivator for increased security concerns. Understanding how information security can contribute to brand equity can enable us to enable corporate success.Brand equity refers to the value that a brand gives a company’s products. It includes the following dimensions.DifferentiationIn order for a company to succeed, it must differentiate itself positively from its competitors. Security solutions can either be a component of this differention or an enabling one. For example, the American Express Blue Card made security part of its brand image. This card included a chip that enabled its security features.RelevanceDoes your solution maintain or enhance the relevance of the corporate brand to its customers? This concern is particularly relevant when considering internal customers. Understanding the relevant aspects of a process, for example, allows you to address them.EsteemCompanies allocate significant resources to the perceived quality and related perceptions of their brands. Starbucks, for example, has higher brand esteem than a convenience store coffee stand. If a proposal does not highlight the perceptions created by a solution, management may miss the point. I learned this lesson on my first nonprofit vulnerability assessment. While my report captured all the vulnerabilities in their environment correctly, it did not communicate the social ROI in terms of esteem.By understanding how the business invests in these dimensions, one can indentify the concerns of management and frame their solutions accordingly. This requires that the solutions are understood intimately. According to brand expert Martin Lindstorm, “If you can’t discuss your product without referring to canned phrases, stats, or comparisons, you don’t understand the product well enough.” Related content opinion Positioning the Security Team Through Influence Part 1 Influence styles are a reflection of the influencers and, by extension, their team. Thus, they must understand the situations to which different styles are applicable. This series explores the common influence styles and their application. By Steven Fox Apr 21, 2012 3 mins Technology Industry IT Jobs opinion From Obstacle to Ally - Repositioning the Security Team Pt 1 By Steven Fox Apr 08, 2012 3 mins Technology Industry IT Strategy opinion Key Sessions at CISO Executive Summit 2011 By Steven Fox Dec 03, 2011 3 mins Business Continuity Data and Information Security Careers opinion Securing User Credentials On Mobile Devices By Steven Fox Nov 15, 2011 4 mins Data and Information Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe