Multi-dimensional enterprise-wide security: Corporate reputation

Learn how to protect information assets and resources within all areas of the enterprise and in compliance with all regulatory, policy and contractual requirements.

This tip is excerpted from Chapter 3 of The Definitive Guide to Security Inside the Perimeter, written by Rebecca Herold and published by Read the entire e-book for free.

Reputation is another critical organizational business success asset. Without a good reputation, customers leave, sales drop, and revenue shrivels. Reputation must be managed well. A component of managing good reputation is ensuring personnel and business partners follow the right information security actions to lessen the risk of something bad happening to information; such incidents will likely lead to very unseemly news reports and media attention.

There are many issues that impact corporate reputation that can be addressed through effective ongoing information security training and awareness activities:

  • Customer complaints
  • Competitor messages and internal messages related to competitors
  • Customer satisfaction levels with your organization's security and privacy practices
  • Providing for customers with special needs and requests
  • Number of legal noncompliance reports regarding security and privacy
  • Perceived strength of posted security and privacy policies
  • Marketing with what is considered as spam
  • Number of staff grievances
  • Upheld cases of corrupt or unprofessional behavior
  • Number of reported security and privacy incidents
  • Staff turnover related to training and communications
  • Value of training and development provided to staff
  • Perception measures of the company by its personnel
  • Existence of confidential grievance procedures for workers
  • Proportion of suppliers and partners screened for security and privacy compliance
  • Proportion of suppliers and partners meeting expected standards on security and privacy
  • Perception of the company's performance on security and privacy by consumers worldwide
  • Proportion of company's managers meeting the company's standards on security and privacy within their area of operation
  • Perception of the company's performance on security and privacy by its employees
  • Perception of the company's performance on security and privacy by the local community
  • Dealing with activist groups, especially militant groups, opposed to the organization


      Protection strategies
      Risk assessment and analysis methodologies
      Define risks
      The goal of an information security policy
      Due diligence
      Corporate reputation
      Audit and validation
      Simplifying complexity
      Divide and conquer
      An action plan

    Rebecca Herold is currently an information privacy, security and compliance consultant, author and instructor with her own company, Rebecca Herold, LLC. Rebecca has provided information security, privacy and regulatory services to organizations from a wide range of industries. She has over 15 years of information privacy, security and compliance experience. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the 1998 CSI Information Security Program of the Year Award.
  • This was last published in January 2006

    Dig Deeper on Security Awareness Training and Internal Threats-Information

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.