Information technology enables an explosive growth of computing and the uninhibited, worldwide movement of information. Now there are opportunities on a grand scale for errors, or for unethical, disruptive and costly behaviour by users, organizations and governments.Here is a candid look at today's flawed practices and what security and control must be in the next millennium. Today's information protection strategies often are based on illusions, philosophical blunders, and logical inconsistencies. Reliance is primarily on gadgets -- hardware and software -- when the key is reliance on people. Security and audit counterimplement what management wants to do and may even interfere with the conduct of business.Tomorrow's strategies, already in place in some organizations, rely less on intensive surveillance, policing, and the micro-management of peoples behaviour. Creating a better future starts with the ability to envision it. What should be done in your organization? Who will take a leadership role?