Where you stand depends on where you sit, but all threats are cross-vector threats, and without a mandate for measuring and reporting actual improvements in security (decision making), attempts at improving security makes absolutely no sense, not even for the low-hanging fruit.
Cybersecurity, computer security or IT security is the protection of computer systems from theft of or damage to their hardware, software or electronic data, as well as from disruption or misdirection of the services they provide. More ...
Network security consists of the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. More ...
Software or application security encompasses measures taken to improve the security of an application, which is often done by finding, fixing and preventing security vulnerabilities. More ...
Information security, sometimes shortened to InfoSec, is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. More ...