.8. _____________ provide guidance on how to assess and improve IT process performance, using maturity models, metrics, and critical success factors.

9. Internal control was defined by the Committee of Sponsoring Organizations (COSO) as a broadly defined process, effected by _____________.

10. For a sound control environment to be effective, proper assignment of authority and responsibility coupled with the proper _____________ of available resources is required.

11. Authorization, reviews of operating performance, security of assets, and segregation of duties are examples of sound _____________ activities.

12. To ensure the effectivity of the control process, the entire control system must be _____________ to assess the quality of the systems performance over time.

13. Within each of the ISO17799 areas, key controls are identified to be considered _____________ and additional controls considered _____________ dependent on the level of risk sustainable by the organization.14. Within the NIST handbook, security and planning in the computer-system life cycle are seen as _____________ controls.