This document discusses managing system security in organizations. It covers security threats like human error, environmental hazards, computer failures, cybercrime and intentional threats. It describes methods to defend against these risks, including preventive control systems, detection of security issues, recovery from attacks, and correction of vulnerabilities. The document also discusses IT auditing to evaluate security controls and ensure compliance.