The author emphasizes on a holistic approach towards information security that caters for a judicious mix of technology, legislation and organizational policies.