There’s an old adage about not seeing the forest for the trees, being so concerned with small details that you miss the big picture.
When it comes to information security, one must see the forest AND the trees.
A small, overlooked detail could lead to an exploit on your systems (buffer overflows, SQL injection, etc.)
However, you still need to be able to look at the entirety of your information systems to see what presents the major attack surfaces.
Trees are an important concept as a data structure, and many core technologies are visualized as trees. Your LDAP directories, networks, and code revisions are often referred to with tree-terminology. All of them must be highly secured against attack.
And of course, if an attacker gets a hold of your root(s), your entire “tree” can be compromised, and then like a disease that one infected tree can affect your whole forest if you are not vigilantly maintaining its health.
Finally, I would like to see companies make the security of their systems more of a priority. I want them to become enlightened to the importance of information security.
The Buddha became enlightened while meditating under a tree.