Answers:
This question doesn't construct any sense. You choose a "good" wellbeing control because not a soul can read out "this is the best collateral control." Best is contained by the eye of the beholder, of late approaching allure. Good/adequate can be tested, best cannot. I'd phone up this "best fit" a bit than biddable. Best Fit technique that it catch the stuff that it claims to capture, fail any past the worst or out of harm`s way (depending on your requirement), have solid and testable code that can at least possible stand up to a code review (again, depending on what plane of trust you involve surrounded by the product), and meet the have need of of your wellbeing model.
With indemnity, you don't obligation to protect the $100 document next to a $1000 investment. You obligation to protect the $1000 document beside the $1000 investment. I suppose the example is arguable, depending on your valuation of your assets, but you draw from the thought - don't put expensive countermeasures surrounded by to protect resources that are cheap to recreate or that do not negatively impact your organization budget. Protect the expensive assets near the expensive countermeasures, controls, etc. That's where on earth you'd be hurt if you lost the asset or it be disclosed, intentionally or unconsciously.
WG