This Enterprise Security Architecture component includes preventive, detective, and corrective controls that safeguard the enterprise infrastructure and applications. Some businesses improve their security architecture by implementing directive controls such as policies and procedures. Many traditional information security professionals consider security architecture to be nothing more than having security policies, controls, tools, and monitoring. The world has changed, and security is no longer the same beast it once was. Today's risk factors and threats are not the same or as straightforward as they once were. New emerging technologies and possibilities, such as the Internet of Things, alter how businesses operate, their focus, and their goals.