https://zh.wiewird.com/post/information-security-is-the-responsibility-of-the-information-unit-of-the-agency-the-business-unit-should-perform-its-own-duties-and-do-business-requirements-well-the-agency-should-no-longer-place-the-responsibility-for-information-security-on-the-business-colleagues