Enterprise security executives need to make practices such as safe USB use and discreet handling of patient or customer data as commonplace as not accepting luggage from strangers in airports or wearing a seat belt when driving.

But they can't do it alone; it takes an entire organization to secure corporate assets, protect data from breaches and make sure enterprisewide risk remains low. "Security is everyone's responsibility," says John Kirkwood, vice president of Information Security Strategy at American Express, who spoke recently at a Boston seminar hosted by risk-management company Consul. Kirkwood, formerly chief information security officer at the financial services giant, says his role has evolved from security policy maker to enterprise risk-management evangelist. "Security has gone from being a server room concern to a boardroom type of issue," he says.

The link for this article located at Network World is no longer available.