Every organization has risk. Every organization has a different risk tolerance. Most organizations are required by state or federal law to have controls in place to minimize and manage risk. E3 believes that information security is a continuous cycle of assessment and improvement which should be ingrained across all disciplines in any organization.