$1.$Why is IT governance important? Why do policies need to be approved by senior or executive management? Should you just use samples or templates you find online? Why would you not just fully adopt a best practice?

$2.$What is the difference between written IT or Security Policies and technical policies such as those in Windows $($i$.$e$.$ group policy$)$ or Azure? Does one affect the other?

$3.$How do policies integrate with procedures, standards, and baselines? What security metrics should you be managing sufficiently enough to get data that is actionable vs overwhelming?

$4.$Who decides which regulations and legislations your company should follow? How should you handle a situation when your boss disagrees with you about why a law or regulation is relevant?