Bugwatch: Common sense security

The tightest IT security measures aren't always the best ...

Written by Chris Barling

This week Chris Barling, chief executive officer of Actinic, calls for more trust in IT security and less dependence on overzealous safety measures.

A few years back, I was working on getting investment into our business. We had big problems with the lawyer from the other side, who kept raising objections. The issue wasn't that her points were invalid; they just weren't material. In other words, they were unlikely to cause problems for their investor.

This might seem a million miles away from security issues, but I think it can illuminate similar dilemmas in computer security.

IT security professionals aim to protect their companies and clients from harm, but the tightest security is not necessarily the best.

Let's use the airline industry as an example. There's been a lot in the press recently about the US demand to put armed marshals on transatlantic flights. They can tackle hijackers, so they must improve security, right?

But there are downsides too. What happens if the bullets cause some critical damage to the plane? Attempts to improve security can sometimes backfire. And the same principle applies to IT.

Forcing passwords to be at least eight characters long, changing them every month and never allowing them to be reused are good security policies, aren't they? Well, maybe not, if a significant number of confused users stick their passwords to their screens using post-it notes.

Others may end up phoning the help desk with their password problems, which can create an environment where a confident hacker is able to blag a new password by asking the help desk.

Sometimes well-intentioned actions can have unexpected side effects. Taking an example from my own company, we have a number of employees working from home. One left some time ago, but we were still being charged for their ADSL line. When we tried to cancel it we couldn't, because we weren't quoting their security code, which we did not have and could not get.

Of course, the line was cancelled eventually and the charge credited, but not before BT had totally destroyed its relationship with us, losing our future business.

Despite what some security-conscious people might think, the truth is that business relies on trust. Whenever I give my credit card details out over the phone or the net, I am exercising trust.

I'm doing the same when I hand over my credit card in a restaurant. I do the same when I ask a plumber to visit my house. If at every stage I had to totally validate every aspect of my business dealings, it would be unworkable.

That's why we are so outraged when people exploit this trust and fail to deliver.

It's why Watchdog is a popular TV programme. Most of us feel that the perpetrators of the scams should be sent to jail, the key melted down and sold to recover some of the losses they caused. We hate trust-breakers because if everyone was like them, our society couldn't operate.

My investment deal was almost broken by the overzealous lawyer. Of the many investments made by that investor, ours was the only one that made them money. Yet it was threatened by a specialist doing their best, who put being 'right' as their top priority, when being pragmatic was the better option.

In these days of out-of-control viruses, worms and other exploits, we still need to apply a common sense approach to security. Wooden zealotry too often ends up achieving the opposite.
