That's one of the reasons why Bohlen, who is executive vice president and chief innovation officer at Textron Inc., has created an organizational structure under which the company's top security and privacy officers report directly to him. The model was designed to let Bohlen have a say in enterprisewide security matters. It's also aimed at giving him near total visibility into all facets of information security and data privacy at the US$10 billion Fort Worth, Texas-based conglomerate, which owns companies such as Bell Helicopter and Cessna Aircraft Co.

"It's something we had to put in place, particularly because of Sarbanes- Oxley," he says. "It's helping transform the way we look at information security and privacy."

Bohlen's top-down approach to information security is an example of the new strategies that IT leaders say are needed to comply with regulations and deal with emerging security and privacy threats.

"The one point about security that is being widely recognized is that it's an enterprisewide issue and not just a technology issue or an IT issue," says Mark Resmer, formerly chief technology officer at eCollege and now CTO at Whitney University in Dallas.

Increasingly, the key to a successful security strategy is in being able to connect the technology issues to the business issues, says Pete Lindstrom, an analyst at Spire Security LLC in Malvern, Pa.