On the one hand, security technology after another, based on the network layer, application layer, host-based system, based on changes in the database development and so fast so that technical staff can not keep up times, firewall, IDS, IPS, anti-virus, SOC systems, vulnerability scanning , a variety of threat management systems and other products, together with company C, H company, I companies XX cow B company stop publishing data annually as a result of information security has caused the loss of XX Billion and growing more and more fast, so keep playing CTO reports to the UFO money for equipment on XX, XX system.
On the other hand, why should so many of the systems and equipment the matter, the specific use of each device, CTO necessarily all that clearly. In fact, this involves the nature of information security, what its essence is the matter? I think the essence of information security is to get the right people using the right information resources. All safety regulations should be focused and clearly defined what information resource who should be used, and all equipment and systems should guarantee the implementation of safety rules and regulations, when it was in violation of safety rules and regulations, related systems capable of timely and effective detection and reporting.
So security is the essence of compliance, information security and therefore must be to do a set of strict norms and practices, just as our actions to comply with the same laws and regulations.