Scott Crawford, a security expert and research director with Enterprise Management Associates, offers his advice for minimizing security risks within IT

When I started in IT at insurance company MetLife in 1970, my background was as far away from insurance as you could possibly imagine. I was an engineer, and I had studied towards a doctorate in solid-state physics.

Neither information technology nor security managers fire people in most organizations. That plain reality seems to escape some in the industry, where offended security administrators declare that disabling the anti-virus program is grounds for demotion or an IT manager finding unlicensed media makes arrangements for someone to make the cardboard box commute.

This past February 2, at 5.15pm, Alan Boehme, 47, VP and CIO of Juniper Networks, left his office and climbed into his black 2004 Infiniti G-35. He pulled out of the company parking lot and began the 90-minute drive to his home in Half Moon Bay, a coastal town in Northern California's San Mateo County. Boehme's work had been going well. In December, he had completed an ambitious restructuring of the $US2.5 billion networking company's IT infrastructure, globalizing its operations and laying the foundation for its future growth.

Karl Wachs, CIO at global industrial chemical company Celanese Chemical, had a problem and it was making him very nervous. After an 11-month approval process, the board had given him just 21 months to roll 13 SAP systems scattered across five data centres into a single instance of the enterprise software.

By the time the board of retailing giant Coles Group recommended Wesfarmers' $21.9 billion takeover bid this week, the company had been in play for over a year. During that time its executives had to steer a steady course; maintaining shareholder value and positioning the business for future growth - setting to one side the knowledge that everything being done today could be unravelled tomorrow by a new owner.

The relationship is much more sophisticated these days, throughout the corporate world. In Coles, technology requirements are defined by the business and IT working together, based on the business's strategic objectives.

CIO magazine's Beverly Head asked Coles CEO John Fletcher and CIO Peter Mahler about the company's IT and the controversy that arose during the takeover. Here are their answers:

Secrets aren't advertised; they are protected. The US government keeps some of the biggest secrets of all — the exposure of which might pose a threat to national security — in places where the name hides nothing: a Sensitive Compartmented Information Facility (SCIF). But the buildings carrying the SCIF label are made to hide everything.

In the not too distant past, when a company decided to relocate — into either a new or retrofitted building — technology concerns often took a back seat to issues such as cost, location and design. It was more or less assumed that technology was infinitely flexible and could be accommodated in just about any setting.

Like all CIOs, Darryl Lemecha worries about viruses and hackers, data centre problems and technology meltdowns. But what separates his worried mind from many others is a detailed incident response plan that will guide him, his IT staff and his company through whatever problems may arise.