Explains the purpose of, and provides advice and guidance on, the application and operation of elementary physical, procedural and technical security controls (for example, the key controls defined in IS27002). Communicates information assurance risks and requirements effectively to users of systems and networks.