CSO
CISO inner circle
Julie Bort 22/03/2007 15:16:01

Who: Joseph Moorcones, vice president for worldwide information security, Johnson & Johnson

Career highlights: Before joining Johnson & Johnson, in 1997, Moorcones spent 24 years at the National Security Agency, last serving as assistant deputy director for information security. He also participated in the US President's Commission on Critical Infrastructure Protection.

Moorcones' thoughts on:

The most exciting emerging security technology

"Network access control is critical. I foresee networks without firewalls. I see a better way - to identify and authenticate machines, applications and individuals - not to have to spend time setting up accounts."

Today's most serious security issues

"The biggest threat today is that we have more people around the world who have the skills, tools and capability to cause harm. Another challenge is that every company now has to partner, sometimes with its competitors. That opens the business up to potential threats. This is magnified by the increasing complexity of systems and technologies."

Terrorist-related information security risks

"If you are talking about business intelligence, trade secrets, I don't think these are their interests today. They are more interested in getting on the news and making a big statement . . . blowing up the building as a target."

The differences between national and enterprise security

"I find exactly the same problems. . . . Instead of talking about how we are going to have a relationship with an ally and control data while fighting a war, we're talking about how we are going to have a partnership with someone who is critical to R&D, or some [other] aspect of our business, coupled with the need to maintain control over the sensitive data we share with the partner. What's different is the impact - an impact on profitability, market share and compliance vs. national security and people dying."

Data leakage

"We're looking at deploying hard-disk encryption. If I had unlimited budget, I'd say, let's just do it on everyone's computer, and I'll have taken 'lost laptop' off the table. I won't care who loses a laptop; there wouldn't even be an operating system [accessible] on it. The reason I'm still just considering this is that, what happens if a hard drive crashes and you have to work through support issues? The hard disk is encrypted; someone can't even turn on their computer when they are in the field."

Integrating network and physical security

"It's easy but expensive. We could probably use [our employees'] public-key credentials to open the doors, or we could put the [PKI credentials] in a smart-card format, put a picture on it, or even put their pictures in our directory, use facial recognition, and have them type in their worldwide ID [to gain building access] if there was a business case to be made. The problem is that we have to upgrade all the turnstiles at 230 companies around the world."
