Information Security is both very hard and very easy at the same time.
Not only are Internet Nasties a nuisance, or worse, they prevent the new, useful Applications and Networks like e-Commerce, i-EDI, e-Health, e-Banking, e-Government and other business/commercial transactions systems.
Perfect Security isn't possible: ask any bank.
Defenders need to be 100.00% correct, every minute of every day.
Attackers need just one weakness for a moment to get in.
Not all compromises/breaches are equal: from nothing of consequence, up to being in full control with system owners not being aware of it.
All 'Security Systems' can only be "good enough" for their role, which depends on many factors.
How long do you need to keep your secrets? Minutes or Decades?