"Complete" security is expensive and restrictive...
Several posters have mentioned how security policies can interfere with normal work. This is always the case, and it's never going to change. In many cases the people in charge of the I.T. team don't realize the risks in not implementing security policies, or in circumventing them. Also, anytime you have a large company or organization with a computer infrastructure, they immediately become a target. The only way to completely secure a system is to remove it from any network with external connections, and then put armed guards at any entrance to the server room. Even then, guards can be bribed.

These firings set an extremely dangerous precedent for more than just I.T. folks. If security people are going to be held accountable at this level, they will have to be much more severe with their security. They will have to have total and unquestioned control of everything within the I.T. infrastructure and will have to lock everything down to the point where productivity will become severely degraded. They'll also have to have lawyers to ensure that, if their recommendations are not implemented or their decisions are overridden, there is a record of who vetoed their suggestions and policies. Since they can get fired at any time for any breach of security, many people will bail out of the I.T. security business; the result will be that those people who remain will demand salaries far above average (required to pay all those legal bills and have a nest egg in case something goes wrong), which will make companies reluctant to hire them. Also, how much do you want to bet that these two sue for wrongful termination...and win? That will also make companies reluctant to hire security professionals.

In the end, all these firings do is allow some higher-level manager to protect his tuckus without addressing the actual problem. Great management decision there.
Posted by SkatingZebra
4th Dec 2006