How to meet the challenges of 21st century security and privacy

18.04.2012

So I would like to hear your perspective on where governance is in regard to cyber security, privacy and risk in the private sector. As with the first question, at this point, my views are unprintable, except that I will say the concept of ROI for cyber security is wrong-headed and mind-killing, and that I doubt any true evolution toward holistic cyber security is possible in a business environment in which the ONLY criterion for executive decisions is the next quarterly profit and loss statement. Perhaps you can offer something more positive?

Burgess: You have me chuckling. Top-down implementation of security protocol in every company has become table-stakes. If a company's leadership isn't interested in baking security, privacy and risk factors into all of their efforts, then frankly I believe they are limiting their ability to compete in today's society, and are going to find that their competitors who do will use this differentiation to their advantage.

Let's look at privacy. The aforementioned is truly applicable if they are in an industry where they are dealing with individuals' personal data. They need to move off the mind-set that the data is theirs; it's about the individual's data -- the individual needs the explicit ability, in easily understandable terms, to make a decision on how and when their personal data may be used. With respect to security, there are two facets I consider low-hanging fruit in tightening up one's regime:

1) educate your workforce and

2) update your appliances/software when the manufacturer provides you patches.

The former raises the level of awareness throughout the company, the latter closes known avenues of exploitation.