5. Most likely to result in less security:
6. Most likely to result in more compliance:
Much of the focus that the information security field has at the moment is directly caused by C-level requirements to be "in control" and "compliant". Gartner Group makes the point (which I have tried to convey for a long time to many of my own clients) that compliance will not lead to security, but that increasing security will lead to compliance.
In the whole compliance debate, goal and means have been confused for too long. The goal of the whole compliance process is to protect stateholders interests, and some of the means that can be used to achieve that, are security related. Compliance is not the goal. Protecting stakeholder's interests is.