

Al Berkley, the chairman of Princeton Capital Management, dropped by theCUBE at last week’s MIT ECIR Workshop to discuss the changing dynamics of cybersecurity and policymaking with Wikibon’s Dave Vellante and guest host Charles Sennott.
Berkley serves on the board of Business Executives for National Security (BENS), a member-funded nonprofit comprised of CEOs and other senior leaders with an interest in tackling emerging security issues. After being commissioned by the U.S. government to provide input on managing online threats, the organization became a sponsor of ECIR, and he was tasked with presenting on its behalf.
Enterprises today have a distinct advantage over their smaller peers, which often lack the resources to effectively safeguard business information. BENS is focusing on equipping decision makers in this segment with the tools they need to stay ahead of hackers, and according to Berkley, data-centric security is proving to be the answer.
Controls designed to protect information rather than the infrastructure on which it resides will replace many components of traditional network-centric models, he predicts, but adoption will be slow at first. More companies will embrace the technology as governance crawls up the agenda for the private sector and business leaders recognize the need to enforce a set of cohesive rules across the network. Asked how an organization would go about implementing such policies, Berkley says that “the right thing to do is do the things you can control. Then you cooperate with someone else for the things you together can control.”
“For example, if I can do my share to do the silly things like passwords and patches, I’m probably taking care of 80 percent of the problems on my personal level. If I as an executive can get everyone in my company do that, I’ve moved to the company level, and [then] you move to the industry level,” he explains.
Berkley believes that governance must be tailored for the specific requirements in each industry; due to the vast differences in data management across sectors, a blanket approach would not adequately address all security concerns. A good reference point for regulatory authorities would be the financial services industry, where the big firms try to solve top-priority issues among themselves before turning to the government for help.