Administrative controls

The actions or controls dealing with operational effectiveness, efficiency, and adherence to regulations and management policies.

A detailed process of identifying factors that could damage or disclose data, evaluating those factors in light of data value and countermeasure cost, and implementing cost-effective solutions for mitigating or reducing risk. Process of managing risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system. It includes risk assessment; cost-benefit analysis; the selection, implementation, and assessment of security controls; and the formal authorization to operate the system. The process considers effectiveness, efficiency, and constraints due to laws, directives, policies, or regulations. (NIST Special Pub 800-53) The discipline of identifying and measuring security risks associated with an information system, and controlling and reducing those risks to an acceptable level. The goal of risk management is to invest organizational resources to mitigate security risks in a cost-effective manner, while enabling timely and effective mission accomplishment. Risk management is an important aspect of information assurance and defense-in-depth.
Regulations that cover a range of topics from procedures to be used within a federal agency to immigration policies that will be used to enforce the laws passed by Congress. Administrative law is published in the Code of Federal Regulations (CFR).
The method of safeguarding business assets, including verifying the accuracy and reliability of accounting data, promoting operational efficiency, and encouraging adherence to prescribed organizational policies and procedures.
Categories of access controls. Preventive controls attempt to prevent security incidents from occurring, detective controls attempt to discover incidents after they’ve occurred, and corrective controls attempt to correct any problems caused by detected incidents. Other control types include recovery, deterrent, directive, and compensation access controls. Controls are implemented using administrative, logical/technical, or physical means.
Evaluations performed with the purpose of demonstrating the effectiveness of controls to a third party. Security audits use many of the same techniques followed during security assessments but must be performed by independent auditors. The staff members who design, implement and monitor controls for an organization have an inherent conflict of interest when evaluating the effectiveness of those controls.

