But what's equally important are ways to measure and drive improvements in the actual implementation of security controls, he said. Efforts such as the Building Security In Maturity Model (BSIMM), for instance lets companies compare themselves and see how and whether they are improving on the security front, Pescatore said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at or subscribe to . His e-mail address is .

in Computerworld's App Security Topic Center.