Dave Whitelegg has a blog that I’ve just stumbled on and the first article I see is this one:
IT Security Expert: Security is a Process, not a Product.
This is a great post and also contains a link to a great article by Bruce Schneier - here - the gist of things here should echo what I’ve been posting about - information security is not something that a vendor with a magic box is going to provide….
Security is a process, an integrated, wholistic approach that incorporates technology, technology products, internal process, …