Information technology (IT) security is of crucial importance for companies and organizations of all sizes. Attackers are becoming increasingly professional, which calls for a holistic approach – technology, processes, and people. It is therefore important to know your own situation, continuously assess it, and constantly improve.