Even the most technically savvy organizations cannot stop hackers and the risk of poorly implemented IT security controls can be devastating. Technical solutions need to work in harmony with formal security controls, informal organizational culture, and the overriding mission and goals of the organization. With the exponential growth of security breaches and the increasing dependency on external business partners to achieve organizational success, the effective use of enterprise-wide frameworks and implementation of integrated security controls are critical in order to mitigate data theft. Surprisingly, many organizations do not have formal processes or policies to protect their assets from internal or external threats. This paper gives an overview of why an organization should consider using, or tightening up their organizational security controls, an overview of the most widely used frameworks, and a comparative discussion of the various IT security frameworks to assist managers in assessing their own IT security efforts.