It is an old security methodology to review what is necessary in a Security Strategy:
People = we know people can cause security holes, give out security secrets, or perform unknown(and known) security problems
Process = this is a set of events that hopefully will prevent some of the people problems, such as changing a critical system requires a second pair of eyes (peer review)
Technology = Use technology to prevent as many potential problems (including people).
we use Anti-virus, anti-malware, intrusion prevention, incident response software.
At Fixvirus, we have helped sompanies with all 3 pieces of a security strategy