According to the State of Information Security Survey 2003, a complex integration of technology, education, risk analysis, as well as corporate and government regulation are needed.

CNN: Cyber-security enters boardroom

Risk analysis is a basic requirement of the standard, as is the establishment of a security policy.

ECONOMIST: Putting it all together