More enterprises fight to move their programs from compliance management to security risk management.
"McCreight agrees on the importance of winning the hearts and minds of the business as a way to move from a compliance-driven to an IT risk management-driven program. He adds that taking small steps of integrating security into business operations can go a long way as well. 'Is the network security team aware of new projects as they arise? Is security brought in during the design phases of new IT initiatives? They need to be an integral part of the process,' he says."