(49) Process personal data to the extent absolutely necessary and proportionate to ensure network and information security - i.e. ensuring the resilience of a network or information system at a given level of confidentiality against accidental events or unlawful or hostile acts that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data - and the security of related services offered or made available through these networks and systems by public authorities, computer emergency response teams, computer security incident response teams, providers of electronic communications networks and services, and providers of security technology and services is a legitimate interest of the administrator concerned. This may include, for example, preventing unauthorized access to electronic communications networks and the distribution of malicious code, disrupting denial-of-service attacks, and preventing damage to computer and electronic communications systems.