In summary, organizations should implement a range of physical, logical, operational and input controls to adequately secure their IT systems and information. Different control types target different threats and risks. Together they form a comprehensive control framework.
In summary, organizations must implement general controls, application controls, personnel controls, logical access controls, physical access controls and facility controls to adequately secure information systems and mitigate risks. No single control is sufficient, a combination is needed.