A Practical Guide to Security Control Frameworks