What are the components of an organizational framework for security and control?
• Define general controls and describe each type of general control.
• Define application controls and describe each type of application control.
• Describe the function of risk assessment and explain how it is conducted for information systems.
• Define and describe the following: security policy, acceptable use policy, and identity management.
• Explain how information systems auditing promotes security and control.