If information, business processes, and IT systems of an organization are inadequately protected (for example, through inadequate security …