Is effective cyber security a balance between people, process and technology?

Cyber security can be seen as many things. I recently wrote a post  about whether information and cyber security are the same thing. Opinion would seem to be mixed; some see cyber security as more of a technical ‘IT security’ subject, whilst some see it as something totally different.

My own opinion is that cyber security and information security are the same thing in principle. This is because we have to get back to the core of what cyber security and information security are about: protecting information assets. Also, they both involve the optimum combination of people, process and technology.

This combination requires putting in place controls such as information security awareness training (people), adhering to a standard such as ISO/IEC 27001 (process), and implementing technical solutions such as information classification software (technology).

I believe effective cyber security is about the optimum combination of people, process and technology. What do you think?