I recently began reading Beautiful Security: Leading Security Experts Explain How They Think, in particular chapter 9, Tomorrow's Security Cogs and Levers by Andy Oram and John Viega. The chapter is a great read for any information security professional and thus far my favorite in the book. To develop some context, the chapter begins with...
"Information security is not just about technology. It is about people, processes, and technology, in that order—or more accurately, about connecting people, processes, and technology together so that humans and entire systems can make informed decisions. It may at first seem rather odd to start a chapter in a book about the future of security management technology with a statement that puts the role of technology firmly in third place, but I felt it was important to put that stake in the ground to provide context for the rest of this chapter."
Oram and Viega go on to discuss two different types of security people: builders and breakers. Builders are the optimists. They recognize the profound seriousness of the security vulnerabilities and dangers we face today, yet still see room for encouragement. Breakers, as you can imagine, are the pessimists. "You wonder when listening to some of them, why the Internet hasn't totally collapsed already and why any of us have money left unpilfered in our bank accounts" (Oram & Viega).
Despite these drastically different mentalities, there is one simple truth: when the benefits of an innovation outweigh its drawbacks, the innovation almost always succeeds. Builders understand this. They understand that new technology with significant benefits will move forward and inescapably reveal new security issues. Unlike breakers, who at times can be intimidated by change, builders look to see how novel technologies can be leveraged to improve security.
Every few years the next big thing comes along and polarizes security people into these two philosophical camps (Oram & Viega). We are currently seeing it with Web 2.0 (social networking, wikis, social bookmarking, etc.), and roars are beginning to escalate concerning cloud computing. Inevitably we will see the same with virtual worlds. This got me thinking. Wouldn't it be interesting to look at ways in which virtual worlds could improve security? Here are a couple of quick ones off the top of my head:
1) Dramatically improve communication in real-time
The ability to quickly communicate amongst the masses in real-time is very powerful. Twitter has recently made this more apparent than ever. Virtual worlds take real-time communication to a whole new level, incorporating both social context and environmental relevance. These components will improve the clarity of information dissemination and mitigate the ambiguity commonly seen in text-based communications.
2) Fertile ground for innovative, small businesses to cheaply and more effectively produce novel security solutions
Virtual worlds provide an ideal space for small businesses to form and produce a wide-ranging set of security solutions. This idea encompasses two components. First, virtual worlds provide a cheap environment to bring together intelligent individuals from all over the world. As a result, many effective small businesses will spawn everywhere. Second, these small businesses will have concentrated focuses. They will become experts with an esoteric understanding of individual security components that few others will have. Instead of devising and implementing large, bulky security solutions, enterprise organizations will have a selection of small, more modular components (supplied by small businesses providing in-depth, esoteric knowledge) that can be amended to enterprise-specific requirements.
3) Provide a neutral site for rich communication between diverse organizations (government agencies, contractors, private businesses, public organizations, etc.) to discuss security
A virtual world has the ability to provide an organizationally agnostic environment that enables rich communication amongst a diverse set of organizations with varying goals. What I mean, essentially, is a neutral virtual environment that brings different groups together, deters motivational bias, and avoids turf battles. Let me once again reiterate: virtual worlds have the ability to do so. This does not mean that a single organization with private property, masked as public, holding information exchanges with additional organizations is in fact a "neutral" site.
These are just a few thoughts off the top of my head. I am sure there are many more. Notice that all of them leverage the power of collaboration and communication, characteristics virtual environments are best suited to facilitate.
Finally, understanding a conscientious builder mentality can be a driving force in devising secure, innovative solutions with advanced technologies. We should not be scared of what is on the horizon, but rather embrace it, and mold it to our needs and requirements.