Case Study – Using IT Governance Controls for Security