How Do Administrative Controls Demonstrate "due Care"?

Essay by   •  June 21, 2017  •  Research Paper  •  835 Words (4 Pages)  •  1,071 Views

1. How do Administrative Controls demonstrate "due care?"

Due care is a legal standard that establishes a duty for a person or organization to act in a reasonable manner based upon the circumstances of a particular situation. This means that a person's or organization's conduct must not cause unreasonable harm to anyone else. It refers to the level of judgment, care, prudence, determination, and activity that a person would reasonably be expected to exercise under particular circumstances. The precise definition is usually made on a case-by-case basis, judged according to the law and circumstances of each case.

Administrative controls consist of policies, techniques, clear codes, guidance, and instructions that are put in place to regulate the actions of individuals. They demonstrate due care by putting in place the essential policies, procedures, and practices that reinforce the organization's policies. These controls take various forms, from access lists that control spaces, to passwords and user IDs for employees, to separation of duties, all intended to reduce data security risk.

The administrative controls that we will look at provide assurance of confidentiality, integrity, and availability of information through guidelines and standards. Administrative controls fall into two categories, preventive and detective. These controls illustrate the CIA triad: integrity of resources, availability of assets (computer uptime), and confidentiality (employee-controlled access).

2. How does the absence of Administrative Controls impact corporate liability?

The absence of administrative controls does impact corporate liability, mainly when a compliance review determines that the organization has not established any steps to reduce the occurrence of protection issues and has not divided responsibilities in key positions. If such administrative controls, policies, and procedures are lacking, the organization suffers from reliability concerns and/or may be held accountable to shareholders, as well as penalized for non-compliance, in either financial or information security matters.

The Sarbanes-Oxley Act, Title IV, Section 404, “requires all publicly traded companies to confirm that they have effective internal controls.” In any legal complication, an absence of administrative controls reveals the company’s level of awareness and care regarding security and its competency to retain private information.

3. How do Administrative Controls influence the choice of Technical and Physical Controls?

Administrative controls influence the choice of technical and physical controls by selecting the appropriate security processes and procedures to efficiently handle critical events in an organization. Without such guidance and control measures, there would be no foundation on which those controls can be built. Security policies are key to the establishment of a comprehensive information security program that includes technical and physical controls, and they are usually the first step in IT security.

Policies should define all controls (administrative, technical, and physical) and how these controls are implemented and maintained. Security policies can cover access control, audits, roles and responsibilities, intrusion detection systems, anti-virus, passwords, smart cards, locks and keys, and biometric access controls.

Physical security is the use of locks, security guards, badges, alarms, and similar measures to control access to computers, related equipment (including utilities), and the processing facility itself. In addition, measures are required for protecting computers, related equipment, and their contents from espionage, theft, and destruction or damage by accident, fire, or natural disaster (e.g., floods and earthquakes).

For example, how would an IT Administrator

...

...
