2006 and 2007 were seminal years which saw emergence of several information security threats and significant data breaches. The media focus on various incidents have made consumers much more aware of information security and hence, any significant security breach results in a significant loss of brand image. As a result, corporate boards are demanding more information security controls as a part of their risk management oversight. This has forced a rethink among the C-suite executives and has increased the importance of information security in their eyes. The CSO's are seeing an elevation in prestige and importance and are becoming empowered to contribute to the organizational strategy by defining information security as a part of organizational governance and risk management framework. The objectives of this talk are two fold. First, the focus will be on practical aspects of information security in most organizations. I will describe how Information Security is becoming a more central function and how the organizational roles and responsibilities are transforming as a result. Second, I will talk about the top information security initiatives for 2008 and what is driving those including examples and explanations of what transpired in several security breaches. Some of those initiatives are governance, wireless security, hardening of network infrastructure and data loss prevention. Throughout this talk, where applicable, I will also identify information security challenges that have not proven tractable in the hope that it will help inspire research ideas.