Administrative controls consist of approved written policies, procedures, standards and guidelines. Administrative controls form the basis for the selection and implementation of logical and physical controls. Logical and physical controls are manifestations of administrative controls. Some industry sectors have policies, procedures, standards and guidelines that must be followed – the Payment Card Industry (PCI) Data Security Standard required by Visa and MasterCard is such an example. Other examples of administrative controls include the corporate security policy of Gramm-Leach-Bliley (GLB), which pertains to financial records maintained by brokerages, banks, lending institutions, and credit unions.
GLB addresses the need for CIA over the financial records of consumers, and it outlines specific obligations that must be taken by these institutions to protect the data associated with such records.
Due care policies identify the level of care used to maintain the confidentiality of private information. The objectives of due care policies are to protect and safeguard customer and client records.
These organizations help craft due care and diligence obligations for organizations, mandate the creation of Administrative Controls to protect the private personal information of consumers, and define the private property of a consumer and a company.
Due care consists of the steps taken to show that a company has taken responsibility for the activities that take place within the corporation and has taken the necessary steps to help protect the company, its resources, and employees. A prudent person takes due care to ensure that everything necessary is done to operate the business by sound business principles and in a legal and ethical manner.
They inform people on how the business is to be run and how day to day operations are to be conducted. One of the leading ways to handle due care policies is to implement best practices.
Information security is the ongoing process of exercising due care and due diligence to protect information, and information systems, from unauthorized access, use, disclosure, destruction, modification, or disruption or distribution. The never-ending process of information security involves ongoing training, assessment, protection, monitoring and detection, incident response and repair, documentation, and review. This makes information security an indispensable part of all business operations across different domains.
How does the absence of Administrative Controls impact corporate liability?
Protection of information resources requires a well-designed set of administrative controls. A lack of administrative controls suggests that management is negligent in understanding its responsibility to protect the information system. Administrative controls have positive and negative effects. Encryption, for example, protects confidentiality, but it also takes time and introduces key management issues. When selecting controls, you have to consider the full impact. If the negligence contributes to theft, loss, or aid of a crime, this would constitute a lack of due diligence on the part of management.
Administrative process controls outside the computer system should be clearly documented, enforced and regularly exercised. For instance, while entering data to create a new record in a material system database’s item master table, the only internal control that the system can provide over the item description field is not to allow the user to leave the description blank – in other words, configure item description as a mandatory field.
An effective information security program incorporates a combination of technological and human controls in order to avoid the loss of information, deter accidental or intentional unauthorized activities, prevent unauthorized data access, detect a loss or impending loss, recover after a loss has occurred, and correct system vulnerabilities to prevent the same loss from happening again (Parker, 1984).
How do Administrative Controls influence the choice of Technical and Physical Controls?
Administrative controls formalize standards, rules, procedures, and the control disciplines to ensure that the organization’s general and application controls are properly executed and enforced. Protection of information resources requires a well-designed set of controls. Computer systems are controlled by a combination of general controls and application controls.
In the information age, understanding risk is an important element in deciding on the mechanism selected to protect information. Information security professionals are challenged with management of assets and other obstacles that make it difficult to implement the appropriate controls. An array of tools and technologies can help firms protect against or monitor intrusion. Technical controls include tools for authentication, firewalls, intrusion detection systems, antivirus software, and encryption. Tools and methodologies are also available to help firms make their software more reliable. Some of the easiest, most effective and least expensive controls are physical controls. Physical controls include locks on doors, guards at entry points, backup copies of important software and data, and physical site planning that reduces the risk of natural disasters.
It is imperative to remember that Information security is the preservation of secrecy and integrity in the storage and transmission of information. Whenever information of any sort is obtained by an unauthorized party, information security has been breached. Breaches of information security can be grouped into five basic classes: (1) interception of messages; (2) theft of stored data; (3) information sabotage; (4) spoofing (i.e., using stolen information to pose as somebody else); and (5) denial of service (i.e., deliberate shutdown of cash machines, electric-supply grids, air-traffic control networks, or the like).
I do believe that the implementation of policies such as Issue-Specific policy and program policy through Administrative controls can mitigate issues surrounding technical and physical controls.
How would the absence of Administrative Controls affect projects in the IT department?
Firms need to establish an appropriate organizational and managerial framework for security and control to use technologies effectively to protect their information resources. An IT project has a minimal chance of surviving without the presence of Administrative controls. An unbounded system can be composed of bounded and unbounded systems connected together in a network. Although the security policy of an individual bounded system cannot be fully enforced outside of the boundaries of its administrative control, the policy can be used as a yardstick to evaluate the security state of that bounded system. Of course, the security policy can be advertised outside of the bounded system, but administrators are severely limited in their ability to compel or persuade outside individuals or entities to follow it.
Policies and procedures play an important role in the effective implementation of enterprise-wide information programs within the federal government and the success of the resulting security measures employed to protect federal information and information systems. As a result, organizations must develop formal, documented policies and procedures governing the minimum security requirements standard and must ensure their effective implementation through Administrative controls.