It’s hard not to worry about security. Even though I live in one of the safest cities of America (according to recent crime statistic ratings), I lock my car doors in the driveway and lock my house doors when I leave. The statistics might say that’s unnecessary, but it didn’t feel unnecessary last summer when two houses on my street were broken into (one in broad daylight) and miscellaneous household things were taken. What should I be doing to protect myself and my belongings? And what about from a technology and privacy perspective—it’s one thing if someone takes my TV, it’s another if they take my laptop or memory cards with personal and corporate data on them. Making sure I’m doing the right thing to ensure security is important, even when you live in one of the safest cities in America.

It’s easy to be frozen by fear from security concerns—especially nowadays when security and privacy issues are top of mind for many C-level executives and corporate boards. The visible impact of security breaches on large brand-name companies (for example, my local paper, the Boston Globe recently had to announce to tens of thousands of subscribers that it had accidentally disclosed their credit and debit card numbers—oops!) makes the security issue not only seem more real but more possible. Recently regulatory requirements and greater scrutiny also mean that organizations are more focused on security and the implications of poor security practices than ever before.

Today there’s a way wide of potential risks associated with security or privacy threats. At the top level there are threats to a company’s brand and reputation if or when it becomes the target of successful attack or exposes secure data through negligence or incompetence. For example, a cable company that exposure the names of its subscribers and their billing information accidentally would put its brand and reputation at risk. Another threat potential issue is compliance and regulatory requirements and the risk that security breaches or lapses open up for an organization, as well as just plain old concern over corporate data that might fall into competitor’s hands.

However, organizations also have to balance these (and other) security risks and implications with a range of business issues. For example, security costs money and takes resources. Can an organization justify the investment it has made, or wants to make, in security technologies or resources? Will the end—a more secure organization—justify the means and expense? How will an organization’s security procedures or technologies affect its ability to do business? In addition, security threats and potential vulnerabilities are increasing in complexity and sophistication every day, making it more difficult (if not more expensive) to ensure protection.