Administrative Controls

Submitted By taz10050
Administrative controls are basically directives from senior management that provide the essential framework for the organization's security infrastructure. They consist of the procedures implemented to define the roles, responsibilities, policies and various administrative functions required to manage the control environment and to oversee and manage the confidentiality, integrity and availability of the organization's information assets. Administrative controls can range from very specific to very broad and can vary depending on organizational needs, the particular industry, and legal implications. They can generally be broken down into six major categories: operational policies and procedures; personnel security, evaluation, and clearances; security policies; monitoring; user management; and privilege management. Ultimately, the senior management within an organization must decide what role security will play within the organization and define the security goals and directives.
Due care, by definition, is the care that an ordinary and reasonable person would take over their own property or information. An example would be a person placing documents that contain sensitive information, such as social security cards and passports, in a locked safe within their home. This measure is taken to ensure that only individuals with authorized access can obtain those documents and view the sensitive information. Due care is a legal concept that is used to assist in determining the level of liability in a court of law. If it is determined that due care was taken, then the probability of being found negligent, and therefore being held liable for an incident that has taken place, is much lower. Administrative controls are key to the practice of due care. As stated in the previous paragraph, administrative controls are the essential framework for the organization's security infrastructure provided by senior management. Under the Federal Sentencing Guidelines, senior officials can be held personally liable if their organization fails to comply with any applicable laws and exercise due care. Through the application of administrative controls, senior management is able to set policies and procedures that outline how the organization will protect its informational assets. This in turn provides guidance on the various methods, from technical implementations and physical access to end-user training, that will be used to ensure the protection of the organization's information.
When the senior management within an organization fails to implement any form of administrative controls, they fail to set the framework required to protect the organization's information. This failure opens not only the organization to liability issues but also the members of senior management, as they can be held personally liable for failing to take the necessary steps to ensure the protection of the information under their control. When no administrative controls are implemented within the organization, any security framework ceases to exist. Without this security framework, the steps required to protect information cannot be taken; there is therefore a lack of due diligence, which translates to a lack of due care. Since due care is a legal concept that is used to assist in determining the level of liability in a court of law, when there is a lack of due care the organization and its senior managers would more than likely be held fully liable for any and all damages that result from any incident that takes place.
Since administrative controls are the essential framework for the organization's security infrastructure, they play an extremely important role in the choice of technical and physical controls that are put in place. For example, in the military, where information has different classifications, the requirements for access to highly classified information, both physical and technical, differ from those for information of a lower classification. How the information is classified and the requirements for access to the various levels of classification are outlined by senior officials in administrative controls. Unclassified information, which can be accessed and obtained by everyone, has different technical and physical controls in place versus information that is classified as Secret or Top Secret. Without these administrative controls being defined by senior officials, the various types of information could not be placed into a classification category such as unclassified, classified secret or classified top secret, and the appropriate access controls, both physical and technical, could not be implemented to control access to the information.
The absence of administrative controls even impacts the various projects within the IT department, because any project within the IT department touches or manipulates organizational data. Since administrative controls contain the policies and procedures defined by senior management on how organizational data will be secured, the absence of such policies and procedures means that there is no framework in place to provide guidance on how security will play a role in, or be impacted by, any project. An example of how administrative controls affect an IT project would be the collapse and consolidation of a datacenter. As organizations look at ways to cut costs, many look toward the concept of virtualization. Although relatively expensive to implement, the long-term savings on equipment, power and cooling are quite considerable. However, going to a consolidated or collapsed datacenter that is virtualized presents some unique security challenges in and of itself. With information being consolidated and roles and responsibilities beginning to cross, the lack of administrative controls makes it extremely difficult to define the lines or boundaries necessary to implement an effective security plan in the new environment. Although securing the data is a small portion of the overall project, not having a clear and concise understanding of the security needs that ensure organizational data is protected will stop the project in its tracks. This is true not only in the situation that I have outlined, but also for any project that would take place in the IT department. Without definitive guidelines on how organizational data is to be protected, it is impossible to ensure that any project initiated will be able to implement the proper technical and physical controls needed to protect the organizational data.
As we can see from the previous paragraphs, administrative controls are truly the foundation of security for any organization, and without the proper foundation it is virtually impossible to implement any form of security within an organization. Much like a house or building must have a foundation to start from in order to be built properly, so too must organizational security. If the house or building is built without the proper foundation, it will be unstable and fail. The same concept applies to security within an organization. When no administrative controls are clearly defined, any other aspects of the organization's security are bound to fail due to the lack of appropriate guidance and support from senior management.

