Required: 1. Briefly describe different computer controls available to an organization. a. Identify how these controls help to maintain system security and reduce risk. b. Do companies need a formal internal policy that addresses security violations? Why/why not? c. Consider what type of actions a company should take against employees that circumvent computer Solution Security Controls: Administrative Controls, Technical or Logical Controls, Physical Controls The constituents of Security: Vulnerability, Threat, Risk, Exposure, Countermeasure or Safeguard The data vendor grants access needs or may choose to give this function to business unit managers. And it is the data owner who will contract with security violations pertaining to the data he is liable for defending. Subjects that should be measured when developing a security policy: Classification Controls: Qualitative Risk Analysis Techniques:.