IT is dynamic and for this
reason IT security threats also change quite often [28].
Therefore in order to achieve this principle it is important to
define an approach that will periodically cater for the changing
threats of the IT environment through a continuous monitoring
exercise [22].