There are things that we should fear and there are things we should not fear. Lost data due to poor backup procedures, not safeguarding core intellectual property, and security policies with no enforcement teeth are things we should fear. Terrorism (unless you are DHS or are a high-value target) is one that we ought to put low on our list of concerns.
Joan Goodchild, Senior Editor, CSO magazine wrote the Seven Deadly Sins of Building Security:
This list is a solid list based on the prudent man principle of information security: Those with responsibility to invest money in order to secure the operations should act with prudence, discretion, intelligence, and regard for the safety of capital as well as the desired and resulting level of information security.
There are all types of security people — and we need them all — from the firewall/IDS/network security specialist and physical security specialist to the policy writers and auditors. However, we need a manager that sees and understands all of the key parts of organizational security and can map them to coincide with the organizational goals.
The key is to make a regular and complete assessment, implement accurate and quality processes, procedures and technology solutions, and to manage and monitor them continuously. Then stay at it, doing it over and over. Boring, yes, but good security was never designed to be exciting. It needs to be in place when it is needed.
Finding one who can balance what is good and financially in line for the organization against what a security purist hopes for is where you will find the prudent man (or woman) of information security.