Experts have re-emphasised the need for companies to improve their IT security infrastructures, at a recent forum in Norway. At the OECD's Global Forum on Information Systems and Network Security, Jeremy Ward, director of services development for Symantec, said that many firms were not addressing the issues. He warned that they could face harsh legislation unless they did. He added, "Security vendors are pursuing the agenda but companies outside the security and technology sectors should be taking responsibility for security and looking at where their responsibility begins and ends. If the present situation continues, governments may force more regulations upon industry. You could make a case that the government should step in with information security practices for firms [where poor security would affect] people outside of the individual company." One way of avoiding this, Ward said, was for organisations to become involved in security events and initiatives, such as the one held by the OECD. That, he added, "could prevent the introduction of excessive government regulation". Enterprises could be more proactive, Ward went on, and do more to lobby and shape security regulations, which governments would welcome, rather than complain about legislation after the fact. Ward highlighted the significant national differences in the application of best practices, with the UK and Germany currently ahead of the pack. Attendees included government and industry representatives from 30 countries. The aim of the conference was to promote information security worldwide and review uptake of security guidelines released by the OECD about a year ago.