Five IT security questions any executive should know how to answer