RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into...
Transcript of RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into...
![Page 1: RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into consideration search engine optimization and other digital media requirements. Creating](https://reader030.fdocuments.us/reader030/viewer/2022041101/5ed9ab8f50079b077b143643/html5/thumbnails/1.jpg)
1 ©2018 RSA Security, LLC., a Dell Technologies business
RSA VERBAL GUIDELINES
![Page 2: RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into consideration search engine optimization and other digital media requirements. Creating](https://reader030.fdocuments.us/reader030/viewer/2022041101/5ed9ab8f50079b077b143643/html5/thumbnails/2.jpg)
2
Our verbal identity refers to our brand voice: how we "sound" as a
company and the sentiments we express in our communications.
The RSA brand voice is built on the following three attributes:
Clear. Confident. Compelling.
These attributes were selected for a variety of reasons, among them: They're timeless,
not trendy; they reinforce our visual brand and business goals; and they're flexible.
In the sections that follow, you'll find an overview of the industry trends that gave rise to
our new "Clear. Confident. Compelling." brand voice, along with detailed guidance on
how to implement it. Please follow these guidelines carefully to ensure consistency and a
high level of quality across our communications.
VERBAL IDENTITY
![Page 3: RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into consideration search engine optimization and other digital media requirements. Creating](https://reader030.fdocuments.us/reader030/viewer/2022041101/5ed9ab8f50079b077b143643/html5/thumbnails/3.jpg)
3
Just as our visual brand identity underwent a major transformation in 2017, the
time has come to refresh and refocus the brand voice we use across our
external communications. Our voice as a company should reflect our visual
identity and support the same goals:
▪ Reposition RSA as the enterprise cybersecurity and business risk
management leader.
▪ Make RSA synonymous with the concept of business-driven security by
reinforcing our messaging around digital risk and the convergence of
cybersecurity and risk management.
▪ Reposition RSA as an INNOVATIVE LEADER.
▪ Ensure RSA is recognized as a trusted advisor to our business decision-
maker, technology decision-maker, partner and media/analyst audiences.
▪ Differentiate ourselves in an increasingly crowded, competitive market.
What exactly is our brand voice? It’s best summed up in the following three
attributes:
CLEAR. CONFIDENT. COMPELLING.
INTRODUCTION
The pages that follow present a business case for this new brand voice. They
provide an overview of the industry shifts and trends prompting us to reexamine
our voice and explain why the attributes clear, confident and compelling should
form the foundation. This guide also features writing tips and annotated
examples of how we can bring these attributes to life in our external
communications.
The second half of this document serves as a copy style guide for RSA. It covers
the nuts and bolts of spelling, punctuation and formatting, and takes into
consideration search engine optimization and other digital media requirements.
Creating a comprehensive style and usage guide that covers every issue a writer,
editor or proofreader may encounter is no small feat, and surely, there are entries
missing from this document. If you notice something missing, please reach out
to [email protected] and we’ll consider it for inclusion in a future update.
The guidelines contained herein were created in consultation with The
Associated Press Stylebook (online edition), The Chicago Manual of Style, The
Elements of Style, and other reputable sources.
The goal of this style guide is to help RSA build and maintain its credibility by
improving the quality and consistency of all external communications. We write
for a very sophisticated audience: Our customers and prospects are well-
educated and well-read, and many of them work at the highest levels of their
organizations. Our communications must exceed their standards and scrutiny.
![Page 4: RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into consideration search engine optimization and other digital media requirements. Creating](https://reader030.fdocuments.us/reader030/viewer/2022041101/5ed9ab8f50079b077b143643/html5/thumbnails/4.jpg)
4
INDUSTRY TRENDS
![Page 5: RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into consideration search engine optimization and other digital media requirements. Creating](https://reader030.fdocuments.us/reader030/viewer/2022041101/5ed9ab8f50079b077b143643/html5/thumbnails/5.jpg)
5
Cybersecurity has become a business priority.
For decades, public- and private-sector enterprises treated cybersecurity as a technology issue. Cybersecurity teams functioned within the IT department and relied on technology (firewalls, intrusion detection systems, anti-virus software) to prevent security breaches. Business executives, already estranged from the mysterious workings of their IT departments, saw little reason to get involved.
To this day, many organizations continue to treat cybersecurity as a technology issue. But leading organizations—especially those in highly regulated industries like financial services—realize the technology-centric approach is no longer viable. It doesn’t adequately protect their organizations against today’s threats, and it’s becoming financially burdensome. As a result, they’re embracing a new approach. At RSA, we call it business-driven security.
What has prompted this shift among industry leaders?
A number of factors have converged. For one, cyber threats have multiplied in quantity and impact. From Target, Sony and Equifax to government and political targets, organizations have repeatedly seen the damage a cyber attack can create. According to an in-depth study conducted by Deloitte, the total cost of a cyber attack can easily reach into the billions of dollars for large organizations, and the financial, operational and reputational impacts can linger for as long as five years. All this has put business leaders on notice.
INDUSTRY TRENDS SHAPING THE RSA BRAND VOICE
In addition, regulatory bodies, including the European Union with its General Data
Protection Regulation (GDPR), have shined a blinding spotlight on cyber risk. In
the U.S., healthcare providers bound by the HIPAA and HITECH Acts face massive
regulatory fines for data breaches, not to mention the threat of class action lawsuits,
at a time when they’re already under tremendous financial pressure.
In the financial services sector, the global financial crisis of 2008 and the regulations
that came out of it (Dodd-Frank, Basel III) focused on reducing risk across the
industry. While neither Dodd-Frank nor Basel III address cybersecurity specifically,
these regulations have had the overall effect of heightening corporate boards’
sensitivity to risk, including cyber risk. Even if Dodd-Frank gets repealed in the U.S.,
there’s no question boards and business leaders in this sector will continue to play
an active role in overseeing cyber risk, given the potentially devastating impact a
systemic cyber attack could have on the U.S. and global economy.
Meanwhile, the SEC’s 2011 cybersecurity guidance, the Federal Information
Security Management Act (FISMA), former President Barack Obama’s
2013 executive order 13636 and the NIST Cybersecurity Framework have drawn
even more attention to cybersecurity across public and private sector enterprises.
Taken together, these factors have catapulted cybersecurity out of the back room
and into the boardroom, and have compelled RSA to transform both its visual brand
identity and its brand voice.
![Page 6: RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into consideration search engine optimization and other digital media requirements. Creating](https://reader030.fdocuments.us/reader030/viewer/2022041101/5ed9ab8f50079b077b143643/html5/thumbnails/6.jpg)
6
The factors that have made cybersecurity a business issue are changing
the role of the CISO. CISOs are under mounting pressure to address
cybersecurity as a business risk and act more like business risk managers
than security technologists. They’re being summoned by corporate boards
to answer tough questions about cyber risk that they’re often unprepared to
answer.
Moreover, CISOs’ traditional reporting relationships are being questioned.
Where CISOs have traditionally reported to CIOs, some organizations and
risk management experts say that structure needs to change.
The Federal Financial Institutions Examination Council (FFIEC), for
example, maintains that the CISO-CIO reporting relationship
creates conflicts of interest that heighten an organization’s cyber risk. As
a result, the FFIEC advocates for CISOs reporting to “the board, a board
committee or senior management.” Moves like the FFIEC’s to shift CISO
reporting structures will hasten changes in, and expectations for, the role.
THE CHANGING ROLE OF THE CISO
With cyber risk becoming a business issue, other stakeholders, including risk and
compliance leaders, are getting more involved. Indeed, today’s dynamic risk and
regulatory landscape is also changing their roles, along with the role of auditors
and other professionals served by the RSA Archer® business. The involvement of
risk and compliance professionals in cybersecurity could potentially set up a
power struggle between CISOs and chief risk officers, but a better outcome
would see a strong partnership between these two leaders who possess
complementary skill sets and who very much need each other to create a holistic
picture of cyber risk. Our position at the juncture of cybersecurity and risk
management gives us an ideal platform for bringing these two stakeholders
together and for championing the concept of business-driven security.
![Page 7: RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into consideration search engine optimization and other digital media requirements. Creating](https://reader030.fdocuments.us/reader030/viewer/2022041101/5ed9ab8f50079b077b143643/html5/thumbnails/7.jpg)
7
In light of these trends, we need a brand voice that speaks to cybersecurity as a business
risk, that resonates with an expanding array of executive stakeholders, and that helps to
educate and elevate our core audience of security leaders.
Ultimately, our external communications need to demonstrate that we understand the
business-, technology- and security issues our customers face as well as—if not better
than—they do. We need to speak the language their boards of directors and executive
teams use, and do it convincingly. We want our communications to prompt them to think of
us as thought leaders and trusted advisors capable of guiding them through their thorniest
challenges.
The clear, confident, compelling voice will have the added benefit of differentiating us from
competitors in both the cybersecurity and GRC markets. Many companies in the
cybersecurity space, including Carbon Black, LogRhythm, Endgame and FireEye, focus on
the technical and tactical aspects of their products, particularly in their web copy. What’s
more, they continue to rely on FUD marketing techniques and employ militaristic language
to describe their capabilities. Just as our new brand identity makes a clean break from FUD
marketing, so too should our brand voice.
In the GRC arena, competitors like ServiceNow and MetricStream have strong, business-
oriented messaging. ServiceNow in particular has a slick website with clear, succinct
messaging. The quality of the copy on MetricStream's website has taken a dip in recent
months, so with this verbal style guide combined with our broader campaign efforts, we
have an opportunity to widen our edge on MetricStream and close in on ServiceNow and
other competitors in this space.
BOTTOM LINE
![Page 8: RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into consideration search engine optimization and other digital media requirements. Creating](https://reader030.fdocuments.us/reader030/viewer/2022041101/5ed9ab8f50079b077b143643/html5/thumbnails/8.jpg)
8
BRAND VOICE
![Page 9: RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into consideration search engine optimization and other digital media requirements. Creating](https://reader030.fdocuments.us/reader030/viewer/2022041101/5ed9ab8f50079b077b143643/html5/thumbnails/9.jpg)
9
Our communications are an essential vehicle for
generating leads and building trust with business
decision-makers, technology decision-makers, the
media, the research analyst community and other
parties. In many cases, our written
communications represent the first interaction
these stakeholders have with us as a company. If
we don’t draw them in immediately with a clear,
compelling, positive and polished message, there
may be no getting them back.
BRAND VOICE
![Page 10: RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into consideration search engine optimization and other digital media requirements. Creating](https://reader030.fdocuments.us/reader030/viewer/2022041101/5ed9ab8f50079b077b143643/html5/thumbnails/10.jpg)
10
Our audience doesn’t have time to figure out what we mean or what we’re trying
to say. If they can’t understand our ideas or the benefits of our products, they’re
not going to continue reading—whether it’s web copy, a white paper or a press
release.
White papers and other content assets we use to support our lead generation
efforts are a particularly important example because one poorly written piece of
content could have a chilling effect on our ability to generate leads. Imagine a
prospective customer clicks on an RSA banner ad and comes to a registration
page for one of our white papers. The prospect fills out the form, downloads the
white paper and begins reading—only to feel confused and disoriented after the
first paragraph. The prospect stops reading and doesn't pay attention to any of
our other, subsequent marketing efforts. We've lost that lead.
Unclear communications reflect poorly on our brand and lead people to question
the quality of our products and services. Our credibility as a company is very
much tied to the quality and clarity of our communications.
Bottom line: A clear voice is easy to understand. It uses straightforward
language and short sentences to communicate complex ideas or technical
topics. With so much impenetrable writing in the marketplace, clarity can help to
differentiate and elevate RSA. Clarity is table stakes.
CLEAR
![Page 11: RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into consideration search engine optimization and other digital media requirements. Creating](https://reader030.fdocuments.us/reader030/viewer/2022041101/5ed9ab8f50079b077b143643/html5/thumbnails/11.jpg)
11
Example 1
An Unclear Sentence vs. a Clear Sentence
Unclear: The primary objective of the RSA
Cyber Risk Appetite survey is to understand
the behaviors and practices of organizations
in regard to cyber risk.
Clear: The RSA Cyber Risk Appetite survey
gauges organizations’ attitudes toward cyber
risk and reveals the measures they’re taking
to address it.
CLEAR: EXAMPLES
Example 2
Clear Enough vs. Crystal Clear
Clear Enough: Effectively managing risk is
critical for the success of every organization.
In fact, understanding which risks are worth
taking is one of the most important facets of
business today. Avoiding certain risks is smart
business. But playing it too safe is a sure way
to let the competition outpace you.
Unfortunately, the complexity of business, the
speed at which new risks emerge, and the
volatility of risk are all dramatically increasing.
This makes it very difficult for organizations to
adequately prepare for or respond to risk.
Crystal Clear: Today, every organization’s
success hinges on its ability to manage risk.
Understanding which risks are worth taking—
and conversely, knowing which ones to
avoid—separates winners from losers in every
industry. And yet the complexity of business,
the speed at which new risks emerge, and the
volatility of risk make it increasingly difficult for
organizations to plan and respond.
Example 3
Art Fontaine’s Blog, Threat Hunting and
the Cloud: A Dynamic Tension
Art took an incredibly complex topic—cloud
security—and made it incredibly easy to
understand. Note his use of short sentences.
Note the rhythm of his sentences.
To communicate clearly, follow these
basic guidelines:
Say what you mean. Take the time to
think about what you’re really trying to
say. See the above examples of unclear
vs. clear sentences.
▪ Avoid jargon, buzzwords, vague
words and unnecessary words.
▪ Use short, tight sentences.
▪ Be specific. Offer salient
examples.
▪ Choose your words carefully.
![Page 12: RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into consideration search engine optimization and other digital media requirements. Creating](https://reader030.fdocuments.us/reader030/viewer/2022041101/5ed9ab8f50079b077b143643/html5/thumbnails/12.jpg)
12
Our copy must convince customers they will be in good, sure hands with
RSA. So we need to demonstrate our own confidence and inspire the
confidence of others, preferably without constantly using the words
“confident” and “confidence” in our copy, which gets tedious for readers.
How do we do that? Through our subject matter expertise and our writing
style:
▪ We must be subject matter experts in our respective domains. We
must know what we’re talking about, and we must be able to
express our thoughts using clear, straightforward language. I can’t
underscore the importance of domain knowledge. Without it, our
communications are devoid of substance and utterly unconvincing.
▪ Writing style speaks to three elements: 1) the rhythm of
sentences—how they sound when we read them aloud; 2) the
length of sentences—how we combine long and short; and 3) the
words we choose. Weak writing doesn’t inspire confidence.
Muscular writing does.
Subject-matter expertise and style work hand in hand. You can’t have one
without the other. A white paper written by a subject matter expert who
can’t compose a lucid sentence will be a train wreck. The same goes for
a white paper produced by a writer with no knowledge of our subject
matter.
Note that while we want to convey our own confidence, we want to be
subtle about it. We don’t need to beat our chests.
CONFIDENT
Also note that the attribute “Confident” gives us wide latitude to express a
range of related traits that further reinforce our voice and what we stand
for as a company. For example, through the attribute of confidence, we
project:
▪ Positivity – We speak to possibilities. Rather than focusing on
doomsday scenarios, we show our stakeholders how our solutions
can help organizations improve their performance, and ultimately,
thrive amid risk and uncertainty.
▪ Experience – We’ve seen it all. We’ve been around a long time,
pioneered PKI and two-factor authentication, and weathered many
storms. This gives us authority in our space. Now, we don’t always
need to explicitly invoke our three decades’ worth of experience,
and we never want to come off as authoritative or parochial, but
there are subtle ways we can express our experience to inspire trust
and confidence.
▪ Innovation – RSA has been an innovator since the company was
founded in 1982. To this day, we're redefining what it means to be a
SIEM, transforming the notion of secure access, pioneering identity
assurance, and so much more.
![Page 13: RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into consideration search engine optimization and other digital media requirements. Creating](https://reader030.fdocuments.us/reader030/viewer/2022041101/5ed9ab8f50079b077b143643/html5/thumbnails/13.jpg)
13
Example 1
RSA Boilerplate
RSA® Business-Driven
Security™ solutions uniquely
link business context with
security incidents to help
organizations manage digital
risk and protect what matters
most. With award-winning
cybersecurity solutions from
RSA, a Dell Technologies
business, organizations can
detect and respond to
advanced attacks; manage
user identities and access;
and reduce business risk,
fraud and cybercrime. RSA
solutions protect millions of
users around the world and
help more than 90 percent of
Fortune 500 companies take
command of their security
posture and thrive in an
uncertain, high-risk world.
CONFIDENT: EXAMPLES
Example 2
RSA SecurID® Suite “Reimagine
Your Identity Strategy” Campaign
Copy
PREPARE YOUR BUSINESS FOR
TAKEOFF
Imagination. Ambition. Fearlessness.
They’re the jet fuel that launches
businesses to new heights. Your
identity strategy should be the engine
that keeps your business—and your
users—soaring.
Reimagine your identity strategy with
RSA SecurID® Suite, the industry’s
most advanced identity and access
assurance solution that helps
minimize risk and accelerate
business. With RSA SecurID Suite,
you’re free to explore a world of
limitless possibility.
Tips for communicating confidence:
▪ Use the active voice instead of the passive voice. Don’t know what that is?
Here’s an example:
− Passive voice: The suite was used to identify the malware used in a new pair of
attacks. (The passive voice doesn’t identify the actor or subject in a sentence.)
− Active voice: RSA Research used the suite to identify the malware in a new pair of
attacks.
▪ Use specific, powerful, emotive words, especially active verbs.
▪ Keep the rhythm of your sentences in mind.
▪ In general, across all forms of content, try to limit your use of long,
complex sentences. Long sentences are sometimes unavoidable in our
technical trade, but make them the exception rather than the rule because
they can easily tire and confuse readers. For web copy, social copy and
marketing/demand gen copy, keep sentences short and punchy.
▪ Avoid using military terminology and analogies. Because the U.S.
cybersecurity industry has such deep roots in the military, and because so
many ex-military officers now work in the cybersecurity industry, we’ve
appropriated much of their language (e.g., references to battlefield,
adversaries, theater of war, etc.) Sometimes this language is unavoidable
(like when we’re actually talking about cyber warfare between nation
states), but in general, it smacks of FUD and feels dated. What’s more,
militaristic language may have the effect of alienating certain groups in the
cybersecurity industry at a time when RSA is deeply committed to making
it more inclusive.
![Page 14: RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into consideration search engine optimization and other digital media requirements. Creating](https://reader030.fdocuments.us/reader030/viewer/2022041101/5ed9ab8f50079b077b143643/html5/thumbnails/14.jpg)
14
We want our communications to compel readers to take some kind of action,
whether to open an email, register for content, request a sales meeting,
interview an RSA executive, or simply, continue reading.
Compelling writing tells a story with speed, brevity, and at times, flourishes of
tasteful humor. It addresses the issues our stakeholders care about most, and
puts the business value and benefits of RSA solutions front and center.
Compelling writing doesn’t get mired in onerous or pedantic detail, and it cuts
to the chase without sacrificing essential background or context.
COMPELLING
![Page 15: RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into consideration search engine optimization and other digital media requirements. Creating](https://reader030.fdocuments.us/reader030/viewer/2022041101/5ed9ab8f50079b077b143643/html5/thumbnails/15.jpg)
15
Example 1
Opening Paragraphs of the Reimagine Your Identity Strategy E-Book
Remember when you were a kid? A cardboard box was a rocket ship ready
to blast off to the moon. Intricate castles emerged from the sand. And just
about anything—from blankets to tree branches—could become a secret
fort.
What if imagination and creativity flowed as freely in your business?
Unhindered by fear or insecurity, you’d have the courage, ambition and
hope to reach new users, deploy new technologies and grow your business
faster. You could conquer the world (or at least the marketplace).
Your identity strategy should be the wings that keep your business—and
your users—soaring.
Reimagine your identity strategy with the RSA SecurID® Suite, the
industry’s most advanced identity and access assurance solution that helps
minimize risk and accelerate business. With the RSA SecurID Suite, you’re
free to explore a world of limitless possibility.
COMPELLING: EXAMPLES
Example 2
Leadspace Copy for Networking Monitoring & Forensics on RSA.com
NETWORK MONITORING & FORENSICS
RSA NetWitness® Logs & Packets
How quickly can you detect a cyber attack? When the clock is ticking, you
want a network monitoring tool that illuminates suspicious activity across
your network and captures detailed data about potential incidents to speed
forensic investigations. With RSA NetWitness Logs and Packets you get
award-winning technology:
▪ Frost & Sullivan 2016 Global Network Security Forensics Enabling
Technology Leadership Award.
▪ Best SIEM – 2015 & 2016 – American Security Today Homeland
Security Award.
![Page 16: RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into consideration search engine optimization and other digital media requirements. Creating](https://reader030.fdocuments.us/reader030/viewer/2022041101/5ed9ab8f50079b077b143643/html5/thumbnails/16.jpg)
16
▪ Consider the rhetorical question. Pose rhetorical questions that hit on core issues for our audience,
but don’t overuse this device.
▪ Create urgency. Note that creating a sense of urgency around a topic is different from peddling in fear,
uncertainty and doubt. There’s an inherent urgency to our subject matter. It’s OK to play this up, but be
judicious about it.
▪ Think about tone. Tone is critical to making a point and connecting with your audience, and it’s
essential to positioning RSA as a trusted advisor. The tone you employ may differ depending on the
topic you need to address and the format in which you need to address it (e.g., social post vs. blog vs.
press release vs. e-book). The tone of the Reimagine Your Identity Strategy e-book, for example, is
inviting and conversational and reflects the tone of the broader Reimagine Your Identity Strategy
campaign. In contrast, the tone of the RSA NetWitness Suite “Can Your SIEM Do This?” campaign is
punchy and direct. Content writer Mary Summerall uses humor to great effect in her writing to connect
with the audience and to inject some levity into the otherwise serious business of managing risk. The
humor she uses demonstrates our understanding of our subject matter and our ability to make light of it
(when appropriate), just as audience does from time to time.
▪ Use facts and data. Whenever possible, use facts to make or substantiate a point. Look to research
RSA has conducted first. Avoid research from direct competitors. Data may also come from
government sources, credible media outlets and industry groups. Always cite your sources, either in-
line with a hyperlink or with a footnote or endnote. Don’t overuse numbers or statistics.
▪ Omit unnecessary words. Strong writing is concise. Every word in a sentence must have a purpose.
If it doesn’t, delete it.
▪ Focus on business value and benefits. Articulate the value of our products in clear terms.
TIPS FOR COMPELLING WRITING
![Page 17: RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into consideration search engine optimization and other digital media requirements. Creating](https://reader030.fdocuments.us/reader030/viewer/2022041101/5ed9ab8f50079b077b143643/html5/thumbnails/17.jpg)
17
COPY STYLE GUIDE
![Page 18: RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into consideration search engine optimization and other digital media requirements. Creating](https://reader030.fdocuments.us/reader030/viewer/2022041101/5ed9ab8f50079b077b143643/html5/thumbnails/18.jpg)
18
The copy style covers the nuts and bolts of proper spelling,
punctuation, usage and formatting. Here you'll find guidance on
how to spell cyber- words, when to use the serial (Oxford) comma,
when to use the &, when to use hyphens, how to format endnotes
and more. Please follow this guide closely to ensure quality and
consistency across all RSA communications.
This bespoke style guide was created in consultation with the AP Stylebook, The Chicago
Manual of Style, The Elements of Style and other reputable sources.
Creating a comprehensive style and usage guide that covers every issue a writer, editor or
proofreader may encounter is no small task, and surely, there are entries missing from this
document. If you see something missing or have questions about a style issue, please
contact [email protected].
COPY STYLE GUIDE
![Page 19: RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into consideration search engine optimization and other digital media requirements. Creating](https://reader030.fdocuments.us/reader030/viewer/2022041101/5ed9ab8f50079b077b143643/html5/thumbnails/19.jpg)
19
AM and PM (for time, all caps, no periods.)
among (not amongst)
antimalware (all one word, for SEO and because the AP Stylebook
offers conflicting guidance on anti- terms like this.)
antispam (all one word, for SEO and because the AP Stylebook offers
conflicting guidance on anti- terms like this.)
antivirus (all one word, for SEO and because the AP Stylebook offers
conflicting guidance on anti- terms like this.)
boardroom (one word, always lowercase, per AP Stylebook and
Webster’s New World Dictionary.)
board of directors (always lowercase, per AP Stylebook.)
business-driven security: The guidance on business-driven security
has evolved significantly since RSA legal first established it in February
2017 and continues to mature. Please refer to the following guidelines
when trying to determine if/when to capitalize business-driven security
and when/how to use the trademark symbols. Do not base your decision
upon what you see online or in existing collateral as much of that is now
out of date.
1) If you're writing a white paper, e-book, blog or similar type of content
and you're referring to business-driven security as a general concept or
approach to managing cybersecurity in a sentence, write business-driven
security using all lowercase letters and without the trademark symbol.
Example:
GUIDELINES FOR SPELLING
Business-driven security is a way of breaking the silos of security and
business risk, and aligning business initiatives with security from the
onset. Organizations that embrace a business-driven security
approach position themselves to establish visibility across systems,
use analytics to drive insight, orchestrate response and gain the
contextual intelligence to put security details in business context.
2) When using business-driven security as a branded phrase in the
context of RSA products/services/solutions, use the following
typographical treatment with appropriate trademarks, regardless of where
it appears (print/digital ads, e-book, white paper, web, etc.):
RSA® Business-Driven Security™ solutions
Note the capitalization of the B, D and S in the above. Also note that
"RSA®" must immediately precede "Business-Driven Security™" and that
a noun, such as solutions, must follow "Business-Driven Security™" to
apply the trademark symbol properly. The noun is always all lowercase in
running text; in a headline, it would be initial capped (e.g.,
RSA® Business-Driven Security™ Solutions).
On subsequent references to RSA Business-Driven Security solutions,
you can omit the trademark symbols, but continue to capitalize the B, D
and S. To protect our trademark around this term, as much as possible,
try to use "Business-Driven Security" as an adjective, in the context of
RSA products/services/solutions.
![Page 20: RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into consideration search engine optimization and other digital media requirements. Creating](https://reader030.fdocuments.us/reader030/viewer/2022041101/5ed9ab8f50079b077b143643/html5/thumbnails/20.jpg)
20
3) When using business-driven security in creative for print or digital ads,
use BUSINESS-DRIVEN SECURITY (all caps) when it appears in
headlines or as part of the RSA® BUSINESS-DRIVEN SECURITY™
lockup. As long as we have the trademark symbol (™) in the lockup at
the top or bottom of the ad, it's not needed in the headline or payoff
copy.
4) Never abbreviate business-driven security as "BDS" in any
communications, internal or external. BDS more commonly refers to
Boycott, Divestment and Sanctions, a fiercely anti-Israel activist group.
5) Exceptions to the above rules: Currently, there are only two exceptions
to the above guidelines:
Conference signs and PowerPoint template - It is OK to use
"Business-Driven Security™" without RSA® before it and "solutions" after
it on conference signs and as part of the branding on the PowerPoint
template.
Dateline in press releases - It is OK to separate "RSA" from "Business-
Driven Security solutions" in the dateline of press releases. Example:
Bedford, MA — April 5, 2018 — RSA, a global cybersecurity leader
delivering Business-Driven Security™ solutions to help manage
digital risk, announced today…
cloud (always lowercase when referring to clouds in the sky or cloud
computing.)
crowdsource (one word, per AP Stylebook.)
GUIDELINES FOR SPELLING
crowdsourced (one word, per AP Stylebook.)
crowdsourcing (one word, per AP Stylebook.)
cyber attack (two words, even though the AP Stylebook spells it as one word, because
we’ve always spelled it as two words, it’s better for SEO and it appears to be the
industry standard. LogRhythm, FireEye and Rapid7 spell it as two words.)
cybercrime (one word, per AP Stylebook.)
cybercriminal (one word, per AP Stylebook.)
cyber risk (two words, per AP Stylebook and because it looks weird when combined.)
cybersecurity (one word, per AP Stylebook.)
cyber threat (two words)
decision-maker (hyphenated, per AP Stylebook.)
decision-making (hyphenated, per AP Stylebook.)
e.g. (latin for exempli gratia and means for example.)
e-book (hyphenated, with the b in book lowercase, per AP Stylebook and Webster’s
New World dictionary. This is a departure from the way we’ve written e-book in the past,
but it avoids awkward and unnecessary capitalization.)
email (no hyphen, all lowercase, per AP Stylebook.)
![Page 21: RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into consideration search engine optimization and other digital media requirements. Creating](https://reader030.fdocuments.us/reader030/viewer/2022041101/5ed9ab8f50079b077b143643/html5/thumbnails/21.jpg)
21
end user (two words when used as a noun, per AP Stylebook. Also OK to just
say “user.”)
end-user (hyphenated, per AP Stylebook, when used as an adjective, e.g., end-
user computing.)
enterprise-wide (hyphenated)
ET (for eastern time zone, not EST or EDT.)
healthcare (one word)
i.e. (Latin for id est and means in other words.)
internet (lowercase, per AP Stylebook)
internet of things (lowercase, per AP Stylebook; do not put internet of things in
quotation marks, as the AP Stylebook instructs.)
IoT (abbreviation for internet of things and a good term for SEO)
jump start (two words, no hyphen; this goes against AP Stylebook, but
punctuation always looks weird in headlines, and this word gets used frequently
enough in headlines.)
kick off (two words when used as a verb, per AP Stylebook.)
kick start (two words, no hyphen; this goes against AP Stylebook, but
punctuation always looks weird in headlines, and this word gets used often
enough in headlines.)
GUIDELINES FOR SPELLING
login (one word, when used as a noun or adjective)
log in (two words, when used as a verb)
mobile (use this word, not mobility, when talking about smartphones, tablets, wearables and
other small, portable computing devices.)
mobility (refers to cars, bikes, wheelchairs and other things we use to move around.)
multi-factor authentication (hyphenate multi-factor because it’s used as a compound
modifier; does not make a difference for SEO.)
OK, OK’d, OK’ing, Oks (not ok or okay, per AP Stylebook.)
on premises (two words when used as an adverb, e.g., The solution runs on premises.)
on-premises (hyphenate when used as a compound modifier, e.g., RSA supports cloud-
based and on-premises systems.)
percent (one word; spell out when used in a sentence, per AP Stylebook. Use the symbol
(%) in tables, pie charts, bar charts and infographics. For tweets and other super-short form
social content, feel free to use %.
PT (for Pacific time zone)
RSA 1) We refer to the company as RSA, not as RSA Security. 2) Never use RSA in the
possessive form, e.g., RSA’s SecurWorld Partner Program. Instead, rewrite as The RSA
SecurWorld Partner Program.
RSA® Business-Driven Security™ solutions/architecture/strategy: See page 19 for
"business-driven security" for details.
![Page 22: RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into consideration search engine optimization and other digital media requirements. Creating](https://reader030.fdocuments.us/reader030/viewer/2022041101/5ed9ab8f50079b077b143643/html5/thumbnails/22.jpg)
22
RSA® Adaptive Authentication
RSA® Adaptive Authentication for eCommerce
RSA Archer® IT & Security Risk Management
RSA Archer® Enterprise & Operational Risk Management
RSA Archer® Regulatory & Corporate Compliance Management
RSA Archer® Suite
RSA® FraudAction™
RSA® FraudAction™ 360
RSA® FraudAction™ Cyber Intelligence
RSA® Fraud & Risk Intelligence Suite
RSA® Identity Governance and Lifecycle (note that the legal name of the product
does not feature an &, but use & in place of “and” when RSA Identity Governance
and Lifecycle appears in a headline.)
RSA NetWitness® Endpoint
RSA NetWitness® Logs
RSA NetWitness® Packets
RSA NetWitness® NetWitness UEBA
RSA NetWitness® Orchestrator
GUIDELINES FOR SPELLING
RSA NetWitness® Platform
RSA® Risk & Cybersecurity Practice
RSA SecurID® Suite
RSA SecurID® Access
RSA® Web Threat Detection
siloed (per Webster’s New World Dictionary)
silos (not, siloes, per Webster's New World Dictionary)
technology-centric (hyphenated)
third party, third parties (no hyphen when used as a standalone noun, e.g., We
conduct rigorous due diligence on every third party.)
third-party (hyphenate when used as a compound modifier, e.g., third-party risk, third-
party vendor.)
two-factor authentication (hyphenate two-factor because it’s used as a compound
modifier; does not make a difference for SEO.)
web (lowercase, per AP Stylebook.)
website (lowercase, per AP Stylebook.)
well (hyphenate as part of a compound modifier, e.g., well-deserved.)
white paper (two words, per AP Stylebook.)
Wi-Fi (hyphenated, capitalize W and F, per AP Stylebook.)
![Page 23: RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into consideration search engine optimization and other digital media requirements. Creating](https://reader030.fdocuments.us/reader030/viewer/2022041101/5ed9ab8f50079b077b143643/html5/thumbnails/23.jpg)
23
abbreviations and acronyms – Use well-known abbreviations like ERP, CRM,
SaaS and ISO without spelling out. Spell out lesser known terms on first reference
and include the abbreviation in parentheses. Always spell out abbreviations when
it matters for SEO. (e.g., write “identity and access management” instead of using
“IAM” throughout your document; the same goes for “governance, risk and
compliance” instead of “GRC” and “enterprise risk management” instead of
“ERM.”)
business-driven security - See the guidelines for this term in the Spelling
section.
capitalization – Capitalize proper names but avoid unnecessary capitalization in
sentences. Resist the urge to capitalize random words in a sentence. Technical
and business terms are often erroneously capitalized in sentences.
company names – Use full names when we refer to other companies on first
reference in a white paper (e.g., Gartner Inc., Forrester Research Inc., Microsoft
Corp., etc.) It demonstrates respect. Note that we don't use a comma between the
company name and Inc. or Corp.
composition titles – Put titles of blogs, e-books, white papers, etc. in italics when
used in a sentence. Example: Download our guide, The 3 Keys to Faster Threat
Response, to get the details. Do not put quotes around titles of blogs, e-books,
white papers, etc. when used in a sentence. In headlines, our titles should be
written in all caps and put in bold, per our visual branding guidelines.
days of the week – Spell them out in running text. Abbreviate only when
necessary to save space in a social post.
GUIDELINES FOR USAGE
Dr. vs. Ph.D. – The AP Stylebook recommends saying a person holds a doctorate in X
subject. However, we always use “Dr.” with Zully even though he is not a medical
doctor. Use whatever the individual holding the Ph.D. prefers.
email addresses - Write them in all lowercase--e.g., [email protected].
endnotes – Follow the various formatting guidelines from The Chicago Manual of
Style. When citing a specific blog entry or a report or news article published online,
hyperlink the title of the report/blog/article in your citation. Example: Arthur
Fontaine, Threat Hunting and the Cloud – A Dynamic Tension (July 18, 2017).
footnotes - We don't use footnotes. Follow the guidance for endnotes.
fractions – Spell out when fractions are less than one (e.g., one-half, two-thirds), use
numerals when greater than one.
months of the year – When a month is used with a specific date, abbreviate only Jan.,
Feb., Aug., Sept., Oct., Nov. and Dec. Otherwise, spell out all months when using them
alone or with a year only (e.g., January 1972). Use numerals or abbreviations as they
make sense for social media, but remember that Europeans put the month second in
numerical abbreviations (e.g., 11/2/2017 for February 11, 2017.)
numbers/numerals – In general, spell out numbers one through nine. Use figures for
10 and above and whenever preceding a unit of measure or referring to ages of people,
animals, events or things. Use numerals in tables.
phone numbers – Use periods, not dashes or parentheses, to separate numbers in
the series. Don’t use a “+” or a “1” before the area code. (e.g., 800.599.0140)
![Page 24: RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into consideration search engine optimization and other digital media requirements. Creating](https://reader030.fdocuments.us/reader030/viewer/2022041101/5ed9ab8f50079b077b143643/html5/thumbnails/24.jpg)
24
Possessive use of RSA – Never use RSA in the possessive, e.g., RSA’s customers or RSA’s
SecurWorld Partner Program. Instead, rewrite as RSA customers… or The RSA SecurWorld
Partner Program…
RSA - Refer to the company simply as "RSA" (not as RSA Security) in interviews with the media
or when indentifying an employee in an article (e.g., "...says Zulfikar Ramzan, CTO of RSA.")
subheads – Use title case. Only capitalize the first letter of the important words in a subhead;
don’t capitalize small words like the, a, in, etc.
trademarks and service marks – Use the appropriate trademark(s) upon first reference to an
RSA product or other trademarked term/name in text, even if those trademarks have previously
appeared in a title or logo. No need to repeat trademark usage after the first reference to the
product or company name. When referring to another company’s products, look up their
trademark guidelines and apply them as required. We should make every effort to acknowledge
other companies’ trademarks and service marks as a sign of respect for their intellectual
property.
urls - When writing out the web address for the RSA website in a print or digital ad or in a call to
action at the end of a blog, white paper or other content piece, use all lowercase and do not use
"https://" or "www." Just write it as: rsa.com. Use shortened URLs for campaign landing pages
(e.g., rsa.com/reimagine). The link community website should be written as: community.rsa.com
or community.rsa.com/training.
GUIDELINES FOR USAGE
![Page 25: RSA Verbal Guidelinesthe nuts and bolts of spelling, punctuation and formatting, and takes into consideration search engine optimization and other digital media requirements. Creating](https://reader030.fdocuments.us/reader030/viewer/2022041101/5ed9ab8f50079b077b143643/html5/thumbnails/25.jpg)
25
& - Use this symbol in product names (e.g., RSA NetWitness® Logs &
Packets, RSA Archer® Enterprise & Operational Risk Management) and in
headlines unless use of the & will undermine SEO.
% - Use this symbol to refer to percentages in infographics, pie charts and
bar graphs. Feel free to use the symbol when referring to percentages in
tweets and in other social posts with character count limits. When referring
to percentages in running text (e.g., in a sentence in a white paper or blog),
spell out percent.
bulleted lists – No punctuation at the end of a bullet that’s a simple phrase.
For bullets that are declarative or imperative sentences, put a period at the
end of each.
commas – Avoid using a comma before “and” in a simple series. Only use a
comma before “and” in a complex series or to clarify the meaning of a
sentence. Never put a comma after the words and, but or yet when they
begin a sentence, unless they’re followed by a dependent clause (e.g., Yet,
when I have time, I like to drink tea.)
em dash – Use the em dash (—), not the en dash (–), and note there are
no spaces around the em dash.
endnotes - Follow the various formatting guidelines from The Chicago
Manual of Style. When citing a specific blog entry, report or news article
publishing online, hyperlink the title of the report/blog/article in your citation.
Example: Arthur Fontaine, Threat Hunting and the Cloud - A Dynamic
Tension (July 18, 2017).
GUIDELINES FOR PUNCTUATION & FORMATTING
exhibit/figure titles – Follow this format:
Figure 1: Biometric Authentication Adoption By Industry
Figure 2: Use of Two-Factor and Multi-Factor Authentication
hyphen – Per the AP Stylebook: In general, the fewer the hyphens, the
better. Use them to avoid ambiguity or to avoid combining too many vowels
or consonants (e.g., socio-economic, pre-emptive, shell-like).
punctuation within quotation marks – Per the AP Stylebook, the period
and the comma always go within quotation marks.