Secure the information
Good article, high;ighted the required move away from tactical security implementations towards a more strategic view.
For a while now I have been talking to business about securing the information in a structure was and as part of the project the will create/use that information. This is a fundimental shift from the traditional security model of securing the network. This is still required, however business need to understand that the target of attack is the data/information, not the network.
Security 3.0 should be a natural step forward for most organisations as increased controls from SOX, PCI etc impact on how projects are delivered.