- Microsoft lays out SQL Server road map
- Credit card skimming
- Nortel's stock market capitalization plummets
- The Obama campaign's Search Engine to Nowhere
- Will Apple be forced to make more money?
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.
In this series of three columns, I'm reviewing and commenting on ideas in A Seat at the Table for CEOs and CSOs: Driving Profits, Corporate Performance and Business Agility by Jackie Bassett and Daniel Rothman and edited by Raquel Filipek. Today I'll finish with a brief summary of the rest of the book, although I think I could write another six or seven columns on it if that wouldn't give my editor apoplexy!
Chapter 2, “Show Me the Money,” makes the point that security problems should be treated with urgency at the strategic level, not just as tactical glitches that can be relegated to low-level staff as minor details. “Because a security breach represents an underlying revenue and profitability problem that has gone undetected, preventing a security breach should be managed with the same level of urgency.”
The authors argue that identity management should not be seen as a nuisance: identity management can be a key to effective knowledge management about customers and competitors. For example, “When new customers are integrated into a company’s business processes seamlessly, the results translate into improved cash flows from revenues that are identified sooner and higher levels of customers satisfaction.”
Inefficient, drawn-out assignment of unique, trackable identifiers “also gives the social engineer ample time to troll the system looking for an opportunity to exploit a weakness or even get signed up as a new customer” and then penetrate defenses through further social engineering. Good identity management can also be linked to customer relationship management because a customer whose access is terminated can be identified immediately to the VP of sales for analysis and possible recovery.
Chapter 3, “Customer-centric Innovation,” includes several interesting examples of how improved security and greater integration of the CISO can support strategic planning of the sales function.
Chapter 4, “Security as a Catalyst for Innovation,” continues the theme with a discussion of the many ways that thinking about information security supports good application development, improved information management, and more productive knowledge capture.
Chapter 5, “Maximizing Shareholder Value in an M&A [Merger & Acquisition],” specifically addresses how good security practices are important for both the purchasing and the acquired organizations. They offer practical questions for boards of directors and guidance on reading audit reports, including in particular security aspects. They suggest a systematic series of steps for CISOs when becoming involved with M&As.
M. E. Kabay, PhD, CISSP-ISSMP, is Program Director of the Master of Science in Information Assurance program at Norwich University.

Ever since there have been stocks and shares there have been so called "pump 'n' dump" scams. This...
Spyware: Know Your EnemyLike Macavity, the fictional feline in T. S. Eliot's well-known poem, spyware may be considered to...
The Online Shadow Economy: A Billion Dollar Market For Malware AuthorsMalware, meaning computer viruses, trojans and spyware, is about money. The teenagers who wrote...

Microsoft SQL Server has enjoyed phenomenal success as a database server. Its relatively low cost,...
Minimizing the Risk of Information Security Breaches: Best Practices for SOA Governance and Compliance - Live October 21Today's enterprises face more information security risks and vulnerabilities than ever before....
Migrating to Windows Vista: Necessity and OpportunityThe Vista era of Windows is here. Yet most organizations will retain Windows XP alongside new Vista...

Discover why Unified Threat Management Firewalls are ready for the enterprise today. High...
The Evolution of Network SecurityWe have so many holes punched in our firewalls today that many industry insiders question the value...
The self-managed networkWe aren't there yet, but advances in network and systems management tools are making it possible to...
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment