How to Design a Security Strategy

A very interesting article that explains why, despite spending millions of dollars on technology, many companies fail to create a secure environment:

We often hear from CIOs who are frustrated by the amount of money they allocate to security projects and technology, compared to the results they achieve. In some cases, executives perceive that security seems to worsen even as spending increases. The reasons vary, but the root cause usually is the same: the lack of a well-designed, enterprise-wide security strategy.

What’s needed is a comprehensive security strategy that clearly defines the current state of the security environment and aligns with business objectives for the next three years.

The first step in designing a security strategy is to understand the current state of the security environment. That may seem obvious, but many companies skip this critical step.

The whole article, with the diagrams, is here.

