If it weren't because too many security departments are like Mordac, today's Dilbert would be funny. Unfortunately, there are still far too many people working on security that fail to recognize that nobody actually wants security. Nobody bought their computer, or built a network, or hired an IT staff, because security was the ultimate purpose. They did all those things to get something else; efficiency, access to data, to build a web site, enable people to communicate via e-mail, etc. Security is merely the thing they have to have to make all those other things safe. Security is not the end goal, it is the means by which we achieve the end-goal of privacy, of efficiency, of reliability, etc.
If you are a business person who goes to security to find out how to do something safely and your security folks do not ask about the business need, it is time to educate or replace them. If you are a security person, and you do not start out the discussion with the business asking what business need they are trying to meet, you are not acting as a valuable member of the business. Security is there, first and foremost, to help the business achieve its goals safely; not to stop the business from achieving its goals.