This was confirmed during a conversation I recently had with an industry professional who said that much of the fiduciary and corporate support he gets is driven by headlines.

So, unsurprisingly, given negative publicity that traces customer/client data exposures through the Department of Veterans Affairs or TJX Companies, as examples, data theft is a big issue for his worldwide enterprise.

Such priorities are to be expected. On the other hand, the protection of intellectual property — on which his business is based — isn't so much a concern for his higher-ups. That's because newspaper coverage of such leakage doesn't seem to grab the headlines like exposed Social Security numbers.

Take for instance the corporate espionage incident at DuPont. The U.S. Department of Justice recently unsealed a case that showed how a former senior scientist at DuPont thieved $400 million in intellectual property.

Reportedly, Gary Min, a 10-year company veteran, pleaded guilty in late 2006 and could face up to 10 years in jail, $250,000 in fines and restitution for accessing proprietary technical documents.

Such crimes involving internal employees stealing intellectual property are nothing new, but coverage of companies divulging them is slim. Yet, theft of intellectual property — especially if such crimes occur in less regulated countries where many companies are running offices — could cripple organizations.

But, according to the IT security pro I talked to, much support for security initiatives still is prompted by lead executives catching some story that prompts them to wonder what steps their organization is taking to protect such critical data.

Just as our Salary Survey in this month's issue reveals, such a way of thinking shows that this still maturing field has a great deal of growing up to do. The promise of better-defined information security roles, sound hierarchical structures and strong risk management plans directly coincides with the hope that the core underpinnings of good business in this electronic age equal robust security.

To make progress in information security, whether in defining information security positions better or strengthening budget for protection of data, is to advance a prosperous business. Grasping this will mean the difference between a bad headline or not.

- Illena Armstrong is SC Magazine's U.S. editor-in-chief.