This one: "I have no doubt that in the coming years; there will be a lot of focus on data-centric security – but not in 2007."
and this one as well (which makes me somewhat happy): "6-month grade: D - Much to my chagrin, compliance is still alive and well. [...] Compliance will remain a factor for 2-3 year planning horizon. Now I need to go get some Tums, since eating crow wreaks havoc on your digestive track." :-)
A small comment on the latter, if I may. Indeed, a new compliance mandate won't scare a "Pragmatic CSO", but - what's the antonym? a "romantic CSO"? - will likely be scared shitless ... Thus, it is a good thing that compliance will still be a factor, since it will prod less "pragmatic" security leaders into action!