http://zdnet.com.com/2100%2D1105_2%2D5278576.html

  Regulations around privacy, such as the Health Insurance Portability and Accountability Act, and financial reporting measures, such as the Sarbanes-Oxley Act, are also raising the stakes for corporations. As a result of these regulations, companies need to keep their customers' information, as well as their financial reporting material, under tight security.

John Thompson, chief executive of security software provider Symantec, has been a longtime advocate of companies developing corporate policies on security issues. He notes that technology alone can't keep companies secure. "Security is a process, and while technologies are important to facilitate the process, the technology itself does not ensure that you are secure,"

Thompson said. "A case in point: There is a technology, a simple technology associated with securing your house, it's called a lock. But if you, a user, do not facilitate the process, or lock the door when you walk out of your house, having the technology installed is of no value. And so the process starts with first having you be aware of how you secure your home, what threats you need to protect yourself from."

Historically, companies have viewed the issue of security and antivirus protection as a problem for their IT departments. And employees at these companies have held a similar view, said IT managers and security officers.