Can all the information security problems in the industry be solved by mere compliance with the standard security requirements?