Information security is at the forefront of timely IT topics, due to the spectacular and well-publicized breaches of personal information stored by companies. To create a secure IT environment, many steps must be taken, but not all steps are created equal. There are technological measures that increase security, and some that do not do, but overall, the best defense is to create a culture of security in the organization. The same principles that guide IT security in the enterprise guide smaller organizations and individuals. The individual techniques and tools may vary by size, but everyone with a computer needs to turn on a firewall and have antivirus software. Personal information should be safeguarded by individuals and by the firms entrusted with it. As organizations and people develop security plans and put the technical pieces in place, a system can emerge that is greater than the sum of its parts.