As the Network Systems Manager, how would you create the following four controls (or policies) to be used by PVSS:
Entity level control
Network level control
Operating system level control
Web or database server level control
Keep in mind that each control should focus on a specific topic and offer the following structure:
The Policy Statement: This is a statement defining the specific action or regulation.
Responsibilities: Who is responsible for various actions?
Enforcement: How the policy will be validated?
Violations: What are the consequences for violation?
