Access to an institution's protected resources must be restricted to authorised users and authorised IT components. Users and IT components must be...