It's not a technical book - rather as the title suggests it explains why security is important for the CXO level management and processes for achieving success.
For most readers of this blog - there won't be anything new but then, I would argue the book isn't to convince us directly. Rather it does provide stories we can use to make points about security and strategies to help get the point across to management.
Because as the book wisely summarizes - Security is about management control.
Meaning - what to secure and at what level of security is a management decision.
And this is often a tricky situation because there is no such thing as perfect security because people also know threat plus vulnerability does not equal damage.
The problem is the "threat + vulnerability != damage" equation is true - it can change quickly. That's why you need to make sure management understands to do regular (at least annual) reviews of threats and compliance. You also need to make sure that your identity management includes technology like Oracle Virtual Directory that can be used to quickly adapt to your changing risk and compliance needs.
<a href=""http://feedburner.google.com/fb/a/mailverify?uri=virtualidentitydialogue&loc=en_US">Subscribe to Virtual Identity Dialogue by Email</a>