said by cramer:Cost and speed trump security.
Basically network security is about where and how technical understanding your company lawyers are. In one of my previous company, we got Infrastructure Security VP that had JD and MBA degrees in addition to network engineering and support background that enabled him to see eye to eye with anybody; management and technical people; which helped tremendously in implementing policies and procedures. So no fancy nor frivolous stuff, just necessary things to keep the cost minimal yet we still passed the network security audit and compliance