CSI - Corporate focus on compliance could hurt security

18.11.2005

A lot depends on whether companies tend to view compliance as the ceiling of their security efforts or as a minimum set of requirements within a broader security framework, said Gerhard Eschelbeck, chief technology officer at Redwood Shores, Calif.-based Qualys Inc. 'It all depends on where you set the bar,' he said.

A lot of the controls and processes companies are required to implement are already understood and should be in place, said Ben Rothke, senior security consultant at Thrupoint Inc., a management services company in New York. This is especially true because there is a huge overlap in the requirements spelled out by different regulations, Rothke said.

'The problem with compliance is that people tend to take a myopic view of what needs to be done whenever new regulations come out,' he said. 'The point needs to be made that those organizations with a solid security framework in place could easily handle any regulations thrown at them.'

The need to comply with regulations such as the Sarbanes-Oxley Act, Gramm-Leach-Bliley Act and Health Insurance Portability and Accountability Act has certainly heightened the discussion around customer privacy and security, said Greg Framke, CIO at ETrade Financial Corp. in New York. 'But these are things we have been talking about and doing things about for a while,' he said in an interview unrelated to the CSI show. As a result, 'I see no particular challenge with compliance.'