The security structure of the organization should be designed to protect the confidentiality, integrity, and availability (CIA) of the organization’s valuable information assets effectively. These are three distinct security objectives and often require different types of countermeasures for their protection. Some information assets need to be kept secret (confidentiality) like the recipe for grandma’s secret sauce. Other information assets are public information but must remain highly accurate (integrity) like the trading prices of stocks. In most cases, the information must also remain accessible (availability) to business managers and workers when they need it so they can make the best business decisions to optimize ...