• United States



Brand Equity – Why should Security Professionals care?

Apr 27, 20092 mins
CareersIdentity Management SolutionsIT Leadership

Tom Peltier discussed “Selling Information Security” at last month’s Detroit ISSA chapter meeting.  Mr. Peltier illustrated the communication gap between business and technical stakeholders in an organization.  His suggestions on bridging the gap centered on selling security to the management team.  Central to his message was the security practitioners’ responsibility to understand their customer’s business.

According to the Ernst & Young 2008 Global Information Security Survey, the link between information security and brand equity is recognized by a growing number of companies.  85% of the 1,400 respondents cited damage to corporate reputations and brands as a key motivator for increased security concerns.  Understanding how information security can contribute to brand equity can enable us to enable corporate success.

Brand equity refers to the value that a brand gives a company’s products.  It includes the following dimensions.DifferentiationIn order for a company to succeed, it must differentiate itself positively from its competitors.  Security solutions can either be a component of this differention or an enabling one.  For example, the American Express Blue Card made security part of its brand image.  This card included a chip that enabled its security features.RelevanceDoes your solution maintain or enhance the relevance of the corporate brand to its customers?  This concern is particularly relevant when considering internal customers.  Understanding the relevant aspects of a process, for example, allows you to address them.EsteemCompanies allocate significant resources to the perceived quality and related perceptions of their brands.  Starbucks, for example, has higher brand esteem than a convenience store coffee stand.  If a proposal does not highlight the perceptions created by a solution, management may miss the point.  I learned this lesson on my first nonprofit vulnerability assessment.  While my report captured all the vulnerabilities in their environment correctly, it did not communicate the social ROI in terms of esteem.By understanding how the business invests in these dimensions, one can indentify the concerns of management and frame their solutions accordingly.  This requires that the solutions are understood intimately.  According to brand expert Martin Lindstorm, “If you can’t discuss your product without referring to canned phrases, stats, or comparisons, you don’t understand the product well enough.”


Steven F. Fox provides security guidance to ensure compliance with Federal standards and requirements as a Senior Security Architecture and Engineering Advisor for the IRS. Fox contributes to multiple working groups including the IPv6 transition team, Developer Security Testing workgroup and the Security and Privacy workgroup. He brings a cross-disciplinary perspective to the practice of information security; combining his experience as a security consultant, an IT Auditor and a systems engineer with principles from behavioral/organizational psychology to address security challenges. He is a syndicated blogger covering IT Governance, Risk Management and IT-Business fusion topics. He also volunteers his time to the Ponemon Institute and Security BSides Detroit. Follow him on Twitter - Join his LinkedIn network -