In this series of three columns, I'm reviewing and commenting on ideas in A Seat at the Table for CEOs and CSOs: Driving Profits, Corporate Performance and Business Agility by Jackie Bassett and Daniel Rothman and edited by Raquel Filipek. Today I'll finish with a brief summary of the rest of the book, although I think I could write another six or seven columns on it if that wouldn't give my editor apoplexy!

Chapter 2, “Show Me the Money,” makes the point that security problems should be treated with urgency at the strategic level, not just as tactical glitches that can be relegated to low-level staff as minor details. “Because a security breach represents an underlying revenue and profitability problem that has gone undetected, preventing a security breach should be managed with the same level of urgency.”

The authors argue that identity management should not be seen as a nuisance: identity management can be a key to effective knowledge management about customers and competitors. For example, “When new customers are integrated into a company’s business processes seamlessly, the results translate into improved cash flows from revenues that are identified sooner and higher levels of customers satisfaction.”

Inefficient, drawn-out assignment of unique, trackable identifiers “also gives the social engineer ample time to troll the system looking for an opportunity to exploit a weakness or even get signed up as a new customer” and then penetrate defenses through further social engineering. Good identity management can also be linked to customer relationship management because a customer whose access is terminated can be identified immediately to the VP of sales for analysis and possible recovery.

Chapter 3, “Customer-centric Innovation,” includes several interesting examples of how improved security and greater integration of the CISO can support strategic planning of the sales function.

Chapter 4, “Security as a Catalyst for Innovation,” continues the theme with a discussion of the many ways that thinking about information security supports good application development, improved information management, and more productive knowledge capture.

Chapter 5, “Maximizing Shareholder Value in an M&A [Merger & Acquisition],” specifically addresses how good security practices are important for both the purchasing and the acquired organizations. They offer practical questions for boards of directors and guidance on reading audit reports, including in particular security aspects. They suggest a systematic series of steps for CISOs when becoming involved with M&As.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services. CV online.