The red boxes correspond to the project phases were we spend most of our InfoSec dollars today. Do you see the problem with this? We are trying to solve the problem at the most expensive time in the project.