Internet security relies upon a fixed set of principles and tools to make the exchange and storage of data as secure as possible. Which methods are "best" depends on one's priorities. What is secure enough for one situation may be insufficient for another. Evaluating an individual's or organization's IT security needs requires a layered approach to threat analysis. Identifying what is to be protected, assessing the range of known threats, and planning for unknown threats. And last, but not least, environmental factors and constraints related to implementation must be considered.
Only after thorough analysis is it possible to derive a sensible solution. In fact, the analysis or evaluation portion of a security assessment is not only crucial, it is "the hard part" of IT Security. Diving into the details of each unique scenario, there are virtually unlimited possible circumstances. Yet, we must apply a limited set of tools to protect the target.