Your company president has come to you after watching a news report on television and he has expressed his concern about all of the desktops being part of a botnet. He would like a memo from you looking for recommendations for policy statements that could be used to help remediate this risk. How would these policy statements (keep in mind that a policy statement is intended to be high level and should have no hint at all about technology, vendors, implementations) help with that risk? What residual risk may remain once these 7 policies have been implemented? What is your recommendation for that residual risk?