...my eye is this: Chief Information Security Officers (CISOs) are more likely than any other executives on the seniormanagement team to perceive a significant gap between security policy alignment with business objectives and security spending...
http://www.computerweekly.com/blogs/stuart_king/2008/10/pwcreport.html