Are security pros worrying about the right stuff? This is the first in a series of stories that will be addressed at The Security Standard event scheduled for Sept. 10-11 in Chicago. “As a rule, men worry more about what they can’t see than what they can.” “Security decisions are almost never made for security reasons.” Worrying almost seems to define the job of the CSO (chief security officer) and CISO (chief information security officer). The security chief is the corporate standard bearer for risk management in a world fraught with technical and human error, with hackers potentially lurking within and without. When asked what they worry about, CSOs and CISOs cite regulatory compliance and security controls overlooked in IT projects. Some acknowledge a general angst that simply boils down to the great unknown of system-wide chaos. But are security pros worrying about the right things?