SEC-578 Technical Controls Paper 1. How could Administrative, Technical, and Physical Controls introduce a false sense of security? 2. What are the consequences of not having verification practices? 3. What can a firm do to bolster confidence in their Defense-in-Depth strategy? 4. How do these activities relate to "Best Practices"? How can these activities be used to demonstrate regulatory compliance?