"You can't ignore the technology issues," Lindstrom says. "But you've got to be able to connect all the bits and bytes and tie that back to the business issues."

New kind of security

Several factors are changing age-old notions about the information security function and its place in the organization, say IT leaders.

Traditional network perimeters are fast disappearing, if not already gone, as companies connect their networks to those belonging to partners, suppliers and customers. The trend is exposing companies to greater risks than ever before, even as cyberthreats and the people behind them appear to be getting more sophisticated.

Companies are also under pressure to demonstrate due diligence when it comes to securing their networks and data, whether from statutes such as the Sarbanes-Oxley Act or data privacy regulations such as California's SB 1386 law.