Generally Accepted Principles and Practices for Securing Information Technology Systems