
How Do Administrative Controls Demonstrate "Due Care"?

February 22, 2018

...

know what ports and protocols to block if there are no administrative controls that dictate such guidance? Additionally, without any policies, guidelines, or procedures, it would be nearly impossible to know how and what to protect. Another example of how administrative controls influence technical and physical controls is computer registration for access to the computer. Computer registration is an administrative control that ensures that all users are formally registered and properly authorized for system and service access.

4. How would the absence of Administrative Controls affect projects in the IT department?

The absence of administrative controls would affect projects in the IT department negatively since, without controls, projects lose the CIA triad (confidentiality, integrity, and availability) needed in Information Technology (IT). The absence of these controls impacts projects because any project within the IT department touches or manipulates organizational data. Since administrative controls contain the policies and procedures defined by senior management on how organizational data will be secured, the absence of such policies and procedures means that there is no framework in place to provide guidance on how security will play a role in, or be impacted by, any project.

This should also result in making it a higher organizational priority, which could result in more money being budgeted for the IT department. The increased budget, along with upper management awareness and involvement, can result in more high-priority IT department projects.


...
