1. Who created the Enterprise Risk Management Framework? What is its purpose?
2. What are the five principles of COBIT 5? Explain.
3. What is the difference between internal and external controls?
4. Why do industry groups have their own standards for cybersecurity? Name one standard.
5. Are measurements of direct costs sufficient to reflect the total damage caused by a cyberattack?
6. What four components comprise the IT security defense-in-depth model?
7. What are the four steps in the IT security defense-in-depth model?
8. Explain why frameworks, standards, and models are important parts of a cybersecurity program.