An explorative approach on the impact of external and organizational events on information security.