An analysis of the impact of information security policies on computer security breach incidents in law firms