Take organization-defined actions when unauthorized changes to the software, firmware, and information are detected.