Why can't perfect IT system security be achieved? If security can never be perfect, how should you manage against malicious threats?

a) Due to the complexity of modern IT systems and constantly evolving threats.
b) Because humans are fallible and can make errors in implementing security measures.
c) It's practically impossible to anticipate and defend against all possible attack vectors.
d) All of the above.