American companies, while often technology leaders (both as developers and users), havent kept up with their Asian counterparts in how they approach security. They take a reactive rather than proactive approach, says John DiMaria, a product manager at BSI Management Systems, a consulting company that helps organizations meet international certification standards.