In this series of columns, I’m reviewing and commenting on ideas in A Seat at the Table for CEOs and CSOs: Driving Profits, Corporate Performance & Business Agility by Jackie Bassett and Daniel Rothman and edited by Raquel Filipek.
The authors’ Chapter 1 is entitled “Why?” They start with five key reasons for CEOs to include CISOs in what I would call strategic planning (thinking about long-term, mission-critical goals and global processes). Each reason has explanations from the authors, but it’s worth simply listing them to give readers a sense of the issues (quoting directly):
1. Because to every CEO there are no competing business priorities to revenues and profitability.
2. Because in today’s global economy, it’s innovate or perish.
3. Because it makes good business sense.
4. Because CEOs have arrived at the same near-paralyzing epiphany. [i.e., the realization that “…companies simply can’t continue operating under the same business security model.”]
5. Because “insanity is doing the same thing over and over, and expecting a different result.” – Albert Einstein
Bassett and Rothman propose that “Security today has become a reverse salient – a growth inhibitor or a system component that has fallen behind in the evolutionary process of technological innovation.” They argue that it’s time to bring security into the forefront of strategic planning. They point out that in a 2006 study of “100 of the most innovative companies,” “more than 95% of CSOs [chief security officers] or CIOs [chief information officers] report directly to the CEO or to a senior vice president who reports directly to the CEO and plays a significant role in strategic planning.”
On a personal note, I and many other security management specialists have long argued that the CISO must not report to the CIO any more than the head of financial audit should report to the CFO. CISOs and auditors should not have a conflict of interest by reporting to the people whose management they ultimately evaluate on behalf of all the stakeholders in the organization.
Bassett and Rothman’s key points about the optimal strategic orientation of CISOs and CEOs include the following practical suggestions (these are my own interpretations of just a few of their insights - readers would do well to read the original):