Question: Paragraph feedback comment to Maria's discussion post.
Purpose: This briefing is to introduce the Red Clay Renovations Board of Directors and IT Governance Board to the three classes of IT security controls. I will be covering managerial, operational, and technical classes, and further discuss how specific control families within each class can be implemented to protect the company's Wilmington, DE headquarters. I will be outlining how these security mechanisms can support the confidentiality, integrity, and availability of Red Clay's information systems (NIST, 2020).

Control Classes Overview: Like financial controls that prevent fraud and ensure compliance, IT security controls serve to manage risk across digital systems (ISACA, 2021).

1. Managerial controls establish the framework for managing risk, policies, and oversight, much like budgeting and audit policies in finance (NIST, 2006).

2. Operational controls address the procedures and training that guide employees in secure behavior, like internal workflows that ensure financial checks and balances.

3. Technical controls use hardware and software to enforce access and protect systems, like automated safeguards in accounting systems.

For the Wilmington HQ, these controls work together to form a layered defense. Managerial controls define security policies. Operational controls train employees and document procedures. Technical controls enforce security through access management and data protection. Together, they ensure compliance, reduce human error, and strengthen the overall security posture.

Selected Control Families and How They Protect Red Clay

1. Managerial Control Family: Risk Assessment (RA)

Risk Assessment involves identifying threats, evaluating vulnerabilities, and determining potential impacts. This helps prioritize resources and guide strategic security decisions (NIST, 2020). At Red Clay HQ, conducting formal risk assessments ensures that vulnerabilities, such as unpatched design software or unsecured employee laptops, are identified and addressed before they can be exploited.

2. Operational Control Family: Awareness & Training (AT)

This family ensures employees understand their responsibilities and can recognize and respond to security threats. Like financial training to prevent invoice fraud, security training minimizes the risk of user error (ISACA, 2021). At Wilmington, this includes onboarding sessions, phishing simulations, and quarterly refresher courses for staff, ensuring that every employee knows how to handle sensitive customer data securely.

3. Technical Control Family: Access Controls (AC)

Access Controls manage who can access what resources based on their role and need. Just as financial systems restrict who can approve expenses or view payroll, IT systems must limit access to sensitive data (NIST, 2020). In Red Clay's headquarters, only architects can access blueprint repositories, and administrative staff cannot modify financial records. These controls