Information security is often seen as a technology issue, when it should be perceived as a governance issue. The failure to address security problems in today's environment is caused by organizational issues, not just technological limitations. Companies should stop thinking of IT Security Governance as relegated solely to software implementation and IT departments. Today, boards of directors, senior executives, and managers all must work together to drive toward an effective enterprise security. (Bordoloi, C. 2012).
Do you agree with this author's thesis, why or why not?