New business processes, applications, and IT systems, as well as new basic threats, constantly
affect the status of information security within an organisation. If there is no effective audit
concept that also increases awareness of new threats, the organisation's level of security will
decline. Its actual security will then gradually become a dangerous illusion of security.