An information security blueprint, part 2