This document discusses information system security and controls. It describes why systems are vulnerable to threats such as hackers and viruses. Both general controls, which focus on organization-wide resources, and application controls, which focus on specific systems, are important for protecting systems. Factors to consider when developing controls include costs, benefits, and risk assessment.