Introduction Information is one of the most important enterprise assets. For any organization, information is valuable and should be appropriately protected (BS 7799-2, 1999). Security is to combine systems, operations and internal controls to ensure the integrity and confidentiality of data and operation procedures in an organization.