To ensure that all risks receive an appropriate level of treatment

To ensure that all security controls are implemented

It has the same meaning as risk assessment

To ensure that information receives an appropriate level of protection

A technical specification for the control

A non-functional requirement on the control

An attribute given to that control

The theme relating to that control

Segregated responsibilities to reduce opportunities to breach security

That two persons should not perform the same duties

That each person's duties should be separable from the person

To pay duty in two separate installments

Technical and organizational

Administrative, logical, physical

Human, physical, technical, and managerial

People, physical, technological, and organizational

None of the above

Both "a" and "b"

It contains a list of information security risks

It contains security controls (security measures)