What is the primary purpose of conducting an informal security audit?
A. To identify and exploit vulnerabilities in an organization's systems
B. To gather evidence of the effectiveness of existing security policies and practices
C. To publicly demonstrate an organization's commitment to cybersecurity
D. To comply with mandatory external security regulations and audits
