Multi-dimensional enterprise-wide security: Corporate reputation
This tip is excerpted from Chapter 3 of The Definitive Guide to Security Inside the Perimeter, written by Rebecca Herold and published by Realtimepublishers.com. Read the entire e-book for free.
Reputation is another critical organizational business success asset. Without a good reputation, customers leave, sales drop, and revenue shrivels. Reputation must be managed well. A component of managing good reputation is ensuring personnel and business partners follow the right information security actions to lessen the risk of something bad happening to information; such incidents will likely lead to very unseemly news reports and media attention.
There are many issues that impact corporate reputation that can be addressed through effective ongoing information security training and awareness activities:
Customer complaints
Competitor messages and internal messages related to competitors
Customer satisfaction levels with your organization's security and privacy practices
Providing for customers with special needs and requests
Number of legal noncompliance reports regarding security and privacy
Perceived strength of posted security and privacy policies
Marketing with what is considered as spam
Number of staff grievances
Upheld cases of corrupt or unprofessional behavior
Number of reported security and privacy incidents
Staff turnover related to training and communications
Value of training and development provided to staff
Perception measures of the company by its personnel
Existence of confidential grievance procedures for workers
Proportion of suppliers and partners screened for security and privacy compliance
Proportion of suppliers and partners meeting expected standards on security and privacy
Perception of the company's performance on security and privacy by consumers worldwide
Proportion of company's managers meeting the company's standards on security and privacy within their area of operation
Perception of the company's performance on security and privacy by its employees
Perception of the company's performance on security and privacy by the local community
Dealing with activist groups, especially militant groups, opposed to the organization
MULTI-DIMENSIONAL ENTERPRISE-WIDE SECURITY
Introduction
Protection strategies
Risk assessment and analysis methodologies
Define risks
The goal of an information security policy
Due diligence
Corporate reputation
Audit and validation
Simplifying complexity
Divide and conquer
An action plan
ABOUT THE AUTHOR:
|
|
Rebecca Herold is currently an information privacy, security and compliance consultant, author and instructor with her own company, Rebecca Herold, LLC. Rebecca has provided information security, privacy and regulatory services to organizations from a wide range of industries. She has over 15 years of information privacy, security and compliance experience. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the 1998 CSI Information Security Program of the Year Award.
|
|
Dig Deeper
-
People who read this also read...
This was first published in January 2006