Administrative Defined Process PCI DSS Reporting Respond Administrative controls Detective controls Perform Risk tolerance Entity Level Control Examination Adverse Opinion Application Control Audit Risk Availability Avoidance Security (Common Criteria) Service Organizations Standard of reference Physical Physical controls Plan Financial Financial audits Preventative controls Technical Baseline Technical controls Breakdown Financial Reporting Follow-Up HIPAA Security Rule Inherent Risk Testing Transfer Collusion Confidentiality Control Risk Processing Integrity Qualified Opinion Quality audits Regulatory Modified Opinion NIST 800-53 Initial/ Ad Hoc Unqualified Opinion Compliance with Laws/Regulations Interviewing Corrective controls ISO 27002 Non-existent Legal Privacy Operational Efficiency & Effectiveness IT General Control Observation Managed and Measurable Mitigation Management Override Judgement Operational audits QUESTION 18 Match the control type to its definition: (word bank) _comprise the provisions an organization has in place to maintain, keep available, and restrict or monitor access to facilities, storage areas, equipmentand information assets