Read the following Scenario:
Company M designs, manufactures, and sells electronic door locks for commercial buildings. The company has approximately 1,500 employees in three locations around the United States and generates $50 million in annual revenues. Over 5,000 wholesalers and distributors access the Company M business-to-business (B2B) Web site to place orders and track fulfillment. In the past year, Company M experienced 22 information security incidents, most of which involved lost or stolen laptops, tablet PCs, and smartphones. In addition, the company dealt with four serious malware events that originated from an unpatched server, an insecure wireless network used in the manufacturing plant, an insecure remote connection used by a sales person, and a headquarters employee who downloaded a game from the Internet to her workstation. Three of the malware incidents resulted in files that were erased from the company’s sales database, which had to be restored, and one incident forced the B2B Web site to shut down for 24 hours.