Few would dispute that regulatory mandates have forever changed the role of IT security. The risk of financial sanctions, public embarrassment and potential jail time for executives has raised security awareness from the back office to the board room.

"Roll the clock back a few years and look at the challenges security professionals had then," says Eric Litt, chief information security officer at General Motors. "They were trapped in the middle layer of management. They certainly didn't have the support or understanding of upper management. And if they were trying to make the right IT security moves, they were pushing snowballs uphill."