Security and privacy are bad words with bad histories, evoking bad connotations with most enterprise stakeholders. For companies to succeed at safeguarding their data, these words must go away. Information security and privacy protections as we know them today are a response to the ills that have befallen enterprises over time. Enterprises experience a problem or incident and don’t want it to happen again, so they find the most practical way to eliminate it or mitigate against it. As a result, security and privacy practices tend to be restrictive. Every organization uniquely figures out where best to place them-so long as the chief executive doesn’t have to be too bothered. As a consequence, neither security nor privacy has been associated with the positives of most institutions or with their strategically important initiatives. They are clearly not viewed as activities that will help enterprises gain market position, enhance their reputations or provide competitive advantage.