Assessing Damages of Information Security Incidents and Selecting Control Measures, a Case Study Approach.