I.T. Without Compromise

I just watched a Network World webcast titled IT without Compromise
The webcast addressed some of the things I”ve been thinking about recently. As security complexity increases, as we try to do more on the wire, the cost of piecemeal security solutions goes up. It costs money to protect smtp, http, and IM. And these perimeter solutions dont protect the mobile workforce.
What is needed is an asset oriented solution instead of a threat oriented solution. Rather than buying into protecting against the threat that the trade mags are warning about, you need to look at what needs to be protected. Where are your business assets? Then you can look at what threats there are against those assets and what you have in place to protect those assets. What will happen if those assets are hit. That is a business impact analysis. It is an ongoing thing, because your assets change, threats change, and best practices change.
Security needs to be more holistic. Instead of selling fear, security is the great business enabler. And that is how it needs to be approached. Instead of being centered around threads and technology security needs to be asset and business centered.