Security is a topic that raises strong emotions among IT managers. Ask any one of them what they think should be done to improve the state of corporate security and you are likely to elicit one of two pessimistic opinions.
The first is that you can never do enough to fully protect the business and its assets. No amount of money spent on security is enough to eradicate all risks.
The second is that no technology - despite any lavish claims of universal effectiveness made by its supplier - is going to neutralise the legion of IT and physical risks confronting businesses.
Both opinions are true and widely held. Both also point to a wider issue that is generating great debate and dividing the corporate world: who in the organisation should have the principal responsibility for shaping and delivering the security agenda.
That there is a profound need for a senior executive with broad IT, business and risk management expertise and the leadership gravitas to embody that role is thankfully not in dispute (see page 36).
Indeed, some UK organisations have already taken the lead from their US counterparts to create the post of chief information security officer. Others are increasing their security budgets and carefully targeting their expenditure. The most enlightened are also looking to involve other parts of the business, such as the human resources department, rather than simply leaving it to the IT department.
Forthcoming legislation and a slew of existing regulatory requirements have ensured that the cost and complexity of corporate IT security is no longer an issue that chief executives can afford to dismiss as an expensive headache to be put off until tomorrow.
And all this is good news. Corporate security is not an easy subject to address positively. It can become a large drain on resources. It can sometimes force organisations to limit the freedoms and activities enjoyed by their employees. It can also generate a culture where vigilance, prudence and due care are replaced by a consuming fear of the outside world as embodied by the internet, and wariness of embracing innovative technology-led business processes.
Mature, rational debate among business and IT leaders about what security means for their organisations, what processes and organisational structures are required to manage it effectively, and who is best placed to deliver it internally is a clear sign that UK plc is finally treating the subject with the importance it merits.