Upholding security involves different levels in an organisation. This is reflected in the three courses I'm teaching - Strategic, Operational and Technical Infosec (see "my events" above).
But one factor is clearly missing on this "headline" level: people!
Strategies are devised by humans. Operational processes are designed by and populated with humans. And - without humans, technology won't help.
How can we approach the "human element" of Information Security? Trust and motivation will be key factors.