Generally, three unique elements are required for adequate information security architectures: people, processes and technology. For most entities, designing and operating adequate safeguards is an extremely complex process requiring a total compliance commitment from every employee empowered to access information assets. Absence of any one of the information security architectural components can create a weak link in safeguarding information assets and hinder security control usefulness.
Technological and non-technological policies, directives, procedures, standards and rules can assist in preventing as well as detecting IT security breaches. However, in the final analysis, it is sustained employee ethics and integrity that determine entrusted asset safety.