To protect the information systems of an organization an appropriate set of security controls needs to be installed and managed properly. Many organizations that can afford it conduct either a risk analysis exercise ...