I think what you are both trying to say is that it should be a joint effort between management, IT and IT security. There are the technical, security issues I talked about in a previous post. There may be IT issues such as bandwidth or other service issues that arise and there may be management...