Columnist’s corner: Fresh from some what-if exercises in which IT honchos were stimulated to consider how best to prepare and respond in the event of various catastrophes, David Margulius is reeling from “the degree to which even a sophisticated group of senior managers can be thrown off guard by the unknown or the unexpected.” The problem: too many folks are “anchored in ‘what we know to be true.’” Crisis management 101. The real danger, indeed, is that whatever the next disruption — be it natural disaster, terrorism, or nearly anything else — it won’t be obvious and easily understood while it’s happening.

Videos: Dorf. That’s not a typo, but it is something not everyone in IT knows about — yet, that is. Mark Harris, director of Sophos Labs, discusses why it matters with senior editor Paul Roberts. “The real motivation [of malware authors] is now money, whether it be installing spyware, or some form of banking Trojan, or recruiting you into a botnet of comprised machines.” What Harris is not seeing very often, however, is a host of new viruses. Harris also makes a prediction for the biggest security concern of 2007. Watch the interview here.

Security: Rarely are particular technologies singled out in general regulations, but that doesn’t stop even some vendors from suggesting that, say, Winzip is not covered under HIPAA guidelines. “Although many people, including myself, could argue that this lack of specificity means security problems will keep occurring, the reality is that there are so many ways to protect computer data that no single recommendation would ever be complete enough,” Roger Grimes explains in Have you read your regulations? So instead of taking a vendor’s word for it, do what a lot of them don’t. “It can never hurt to read the source documents that regulate your industry, even if they are boring and dry.”