Japanese trains are useless, really useless. Don't believe the stereotype - sleek, elegant machines gliding effortlessly at hundreds of miles an hour, with the snow-capped Mount Fuji towering imperiously behind. They're actually hopelessly inefficient and unreliable.
Actually, that's complete nonsense. I've travelled the length and breadth of the archipelago while cocooned inside these perfectly engineered machines and have only once had cause for complaint, when the on-board vending machine dispensed dried squid instead of Asahi.
Yet this is the kind of vitriol, minus the profanities, you might hear from the man on the Tokyo omnibus in the 0.001 percent of the year that the transport infrastructure fails. Because that's what humans love to do. We put our faith in technology and come to rely on it, only to reel away in disbelief when it fails us: how could it, how dare it fail us? And then we're left exposed, without a plan, stranded on the platform with our trousers round our ankles, so to speak.
The metaphor extends (yes it does, it really does) to software programming. As Marc Maiffret, ex-hacker and co-founder of security firm eEye, told me, it takes just four or five programming mistakes in 26 million lines of Windows code for a major threat to appear every four months or so.
So in December last year the Windows Metafile flaw reared its ugly head, and before too long we'll no doubt hear of another threat to enterprise customers. Every time a vulnerability like this comes to light the developers get it in the neck - if only software was written well and tested thoroughly in the first place, the commentators say, we wouldn't have nearly as many security flaws in applications. But it is almost inevitable that mistakes will be made; as good as they are, those human beings doing code analysis will be prone to error, and automated checking tools can only be automated so far.
What this means for IT managers is that even if all the applications running on their networks are engineered to the highest possible standards, a proactive approach to security is still a necessity, not an option. Yet every time a Windows Metafile-type incident comes along there are casualties: those who thought their defences were adequate and failed to install comprehensive end-to-end security.
For many, the difficulty is in keeping up to date with the ever-expanding range of security products on the market. How do you sift out the rubbish, the exaggerated claims and the over-hyped features of many vendors and get to the good stuff?
The CSIA's Claims Tested Mark will certainly be welcomed by IT purchasers as one way to separate wheat from chaff. But many still lack the knowledge to determine whether the kit they choose is really suitable for their specific security requirements.
If they have not done so already, IT departments need to plan now to ensure they have the resources and knowledge necessary to see their way through the maze of products on offer, and understand their limitations, so their systems are as prepared as possible for the unknown.




