The COBIT (Control Objectives for Information and Related Technology) framework specifically addresses controls over information technology. Underpinning the COBIT approach are two fundamental information security concepts- 1. Security is a management issue, not an information technology issue 2. Defence-in-depth and the time-based model of information security The main types of control used in information security are Preventative, Detective and Corrective. Required: A) Explain why information security is important for an enterprise. (4 marks) B) Give two examples of each of the three main types of control listed above. (6 marks)