We use a layered approach to security that includes router access-control lists; firewalls; intrusion detection; security policies; Active Directory; an aggressive program of weekly patching of servers and desktops; round-the-clock updating of our antivirus, antispam and antispyware controls; and Veritas backup and restore tools. Our environment hums.

We have not had a single incident of a worm or virus attacking our environment in over a year. So, what's the problem? We don't really have one. I got sidetracked after listening to that webcast by the whole idea of virtualization and what it really means. I don't think it means anything to us.

What do you think?

This week's journal is written by a real security manager, "C.J. Kelly," whose name and employer have been disguised for obvious reasons. Contact her at mscjkelly@yahoo.com, or join the discussion in our forum: computerworld.com/forums. To find a complete archive of our Security Manager's Journals, go online to computerworld.com/secjournal.