INSTRUCTIONS:
Provide a 6-page analysis while answering the following question: IT Controls. Prepare this assignment according to the guidelines found in the APA Style Guide. An abstract is required.

From various threats such as natural catastrophes, human errors, cyber-attacks and structural failures (FIPS, 2006). Organizations customize and execute security controls as part of their far-reaching practices for the management of privacy risk and information security. Security control processes are provided for by legislation, policies, executive guidelines, standards, directives, conventions, missions and business requirements, and they aim to address the various security and privacy needs of organizations or individuals (NIST, 2013). Each group or individual has specialized selections of controls designed for specific organizational functions, technologies, and business environments. The significance of establishing security functionality and assurance is to ensure the trustworthiness of information technology systems and products based on sound systems and security engineering principles (NIST, 2013). Information security controls are intended to expedite compliance with appropriate federal laws, policies, executive orders, standards, directives, and guidance. Compliance of the information system with laws and regulations involves the organization exercising full diligence concerning risk management and information security (FIPS, 2006). This includes using appropriate information as part of a program for executing risk management across the entire organization, and utilizing reliability and flexibility to ensure the organization’s documented controls satisfy the organization’s goals and requirements.
The organization should use the available tools and techniques at its disposal for developing, implementing and maintaining protections and controls for its information systems. Security controls are the safety measures designed or recommended for an organization to ensure the reliability, privacy and accessibility of the data it processes, stores and transfers, and to satisfy a range of defined security requirements.