Information assets are critical to drive businesses and paramount to the endurance of any organisation in today's globalised digital economy. Loss confidentiality, integrity, availability of information and services can lead adverse impact on organisations. In these current economic times, risk and security issues have to be alleviated as it poses adverse effects on the day to day operations of any organisation. The more efficient hindrances pertaining to security threats being addressed, the greater opportunity it creates for social-economic well-being. IT and networkrelated security are also one of the major issues that organisations must not take for granted. Thus, there is a critical need to protect information and to manage the security of information technology (IT) system within organisations. This requirement to protect information is particularity important in todays milieu because many organisations are internally and externally connected by networks of IT systems.