*“Information security” is defined as managing risk to unauthorized disclosure, modification, and destruction of information using administrative, physical, AND technical control.