Encryption is limited in that it cannot prevent the loss of data. It is possible to compromise encryption programs
if encryption keys are not protected adequately. Therefore, encryption should be regarded as an essential, but
incomplete, form of access control that should be incorporated into an organization’s overall computer security
program.