As the Network Systems Manager, how would you create the following four controls (or policies) to be used by PVSS:

  • Entity level control
  • Network level control
  • Operating system level control
  • Web or database server level control

Keep in mind that each control should focus on a specific topic and offer the following structure:

  • The Policy Statement: This is a statement defining the specific action or regulation.
  • Responsibilities: Who is responsible for various actions?
  • Enforcement: How the policy will be validated?
  • Violations: What are the consequences for violation?



Source link