What is it?
A set of guidelines designed to protect an organization’s information security, safeguarding the standards of confidentiality, integrity, and availability (CIA).
Why is it important?
Controls are important because without them, an organization has no guidelines for protecting information and assets.