In the final part of this series, Mike Rothman, analyst with Securosis, takes the steps and enforcement controls discussed from parts 1 and 2 and examines how to build a real-world, defense-in-depth security program – one that is sustainable and one the does not impede business productivity.