Mapping legal requirements to IT controls | IEEE Conference Publication | IEEE Xplore