BOSTON — Security executives from around the country converged in Boston this week to hear how their peers are tackling enterprise security and managing risk.

The Security Standard conference, hosted by Network World and other IDG publications, examined such issues as regulatory compliance, dealing with internal and external threats, working with law enforcement and establishing security best practices.

The conference also provided a forum in which security executives could explore how their responsibilities are changing and how they dovetail with more holistic concerns about corporate health.

Speaker Jason Jackson, director of emergency management at Wal-Mart Stores, said, “We should know what a hazard or risk could mean to our businesses, whether it’s a natural disaster or manmade attack, before it happens. Having a corporate structure in place regarding crisis is sometimes more important than having a detailed plan on how to react to specific events.”

Creating a culture

IT security is primarily focused on protecting the perimeter, but with internal data leaks and security breaches topping the news, security executives today are seeking measures to protect customer data and corporate intellectual property across the organization.

We are still “hard and crunchy on the outside, but soft and chewy on the inside,” said Dixon Greenfield, manager of data center operations at Valmont Industries, a manufacturing company in Valley, Neb. “So I need security at all the layers, but I’ve got certain sets of data that I’d like to have more secure than others.”

Security experts say the trick to building a more security-aware culture is finding the right mix of processes and technology that suit the business, and then educating the IT staff and user community on how to maintain secure practices.

Sean Franklin, an IT security manager at a large financial services firm, said, “People are our weakest links. Most of our wounds are still self-inflicted. Configuration changes that aren’t well thought out and leave us open and exposed in certain areas are still the hardest things to lick.”

Part of the problem lies in the fact that employees aren’t as technology or security savvy as the IT staff and often don’t realize when their actions — or lack thereof — pose a risk.