Roger,

Very nice post, I agree with your comments. This is one of the challenge I see quite often where professionals always find hard to translate their technical terms into management language and therefore not able to highlight appropriate risks in front of management.

I hear this all the time from the business, users used to complain and say "Bloody Security", we can't do this now but now this is changing, my approach is that we need to be business enabler along with security in mind.

My thoughts.

Shoaib