Free Essay

Administrative Controls

In:

Submitted By myringsoutside
Words 1040
Pages 5
Administrative Controls

How do Administrative Controls Demonstrate Due Care

Administrative controls entail several items including procedures, written policies, specific principles, guidelines, and trainings that are established to control the actions of individuals. Administrative controls actually classify the human factors of security and encompass every level of personnel within a company. This is how access is decided for every user; it’s based on the needs of the business. In terms of due care, this is a reflection of responsibility a company has taken for their actions within their company to provide the necessary protection. Due care is evident through specific controls established to confirm management is cognizant of the activities in their company. For example, I work for a healthcare company and controls are set in place to block all social networking sites from being accessed on the company network. This provides protection for the employees from accessing non-company related materials and it decreases the company’s chances malicious activity caused by accessing those sites. We also participate in employee trainings, which is also considered an administrative control. This is considered due care because we are trained to understand policies and procedures. When we start all training sessions, there are forms we have to complete stating that we are entering a specific course and we receive documentation at the end of the training session to reflect we have completed the course. All of these controls exhibit individual accountability and separation of duty, which is extremely important to consider in terms of controls.

How Does the Absence of Administrative Controls Impact Corporate Liability

The absence of administrative controls will certainly reflect a negative connotation on corporate liability. This is a direct reflection on the company and their lack of due diligence by not implementing the proper controls to create a sound work environment. When proper controls are not executed, the company is highly susceptible to lawsuits and fines for breach of security or safety. For example, my job contains many employees that deal with extremely sensitive information pertaining to our valued members. Many of our Case Managers work closely with members on Medicare and Medicaid. The documentation for these members are very detailed in terms of their conditions, treatments, and action plans. This information is protected by the company network and several methods of verification have to be entered in order to gain access to this information. If the proper controls were not set in place to protect the information of the members, it could be accessed easily by an outside source and it would be devastating for our company to have this information released publicly. This would lead to our company being held liable for information being leaked and it could cause significant fines along with a very damaging reputation. As a healthcare company, we are mandated with the responsibility of protecting the sensitive information of our members by ensuring the proper controls are set in place that will allow us to deliver the protection we promote. This is another reason why all workers are encouraged to only use printed materials with members’ information only when absolutely necessary. We are highly encouraged to utilize all our resources on our company devices to avoid paperwork landing in the wrong hands. However, leaving sensitive member information out and available for anybody to gain access to would fall in the category of negligence and carelessness from the user as opposed to the company. Although, it would be the fault of the user, the company would still be negatively impacted.

How do Administrative Controls Influence the Choice of the Technical and Physical Controls

Administrative controls play an essential role in the influence of the choice of technical and physical controls. Although the technical and physical controls are extremely critical, they completely rely on the establishment of administrative controls that have already been established. Administrative controls determine the procedures and measures; on the other hand, physical and technical controls are the materials and systems that are necessary in executing the procedures. The administrative controls actually decipher the state of a physical or technical control. For example, when you come into my office building, there are several entry points to the actual building, but you need an ID card to get into the workspaces. This is set in place to protect the access to company devices with sensitive member information. If the proper control measures are not are not in place to safeguard this information, then the physical controls such as the ones that allow us entry with our ID badges have absolutely no meaning. This is similar to having your doors locked on your car, but the windows are down. The doors are locked, but the items in your ear are easily accessible because the windows are down.
How Would the Absence of Administrative Controls Affect Projects in the IT Department

The absence of administrative controls will severely affect projects in the IT department.

These projects are highly sensitive and have many concerns when it comes to stored information. The majority of this information should be restricted and only intended for designated users in the IT department. This is why it is so critical for administrative controls to be established; in effort to control the users accessing certain information. When the administrative controls are absent, critical information can be exposed which would put the project in jeopardy. Having the proper controls in place is a direct reflection on the overall success of the project. When the administrative controls are absent, limitations are placed on the IT department, which makes it virtually impossible to complete their tasks. This is another circumstance of how a company could have legal action taken against them from lack of administrative controls. Unfortunately, certain legal actions might have a large impact on the company and they might not be able to recover. The proper administrative measure will increase the probability of success.

References Tierney, C. E. (2006). OMB Circular A-123 and Sarbanes-Oxley: Management’s Responsibility for Internal Control in Federal Agencies. Hoboken, NJ: J, Wiley Huang, W., Siau, K., & Wei, K. K. (2005). Electronic Government Strategies and Implementation. Hershey, PA: Idea Group Pub Lahti, C. B. (2007). Sarbanes-Oxley Compliance Using Open Source Tools. Burlington, MA: Syngress Publishing, Inc.

Similar Documents

Premium Essay

Administrative Controls

...January 17, 2015 SEC578 Keller Grad School Of Mgmt   How do Administrative Controls demonstrate “due care”? To better answer this question lets define “Administrative Controls” and “Due Care.” Administrative Controls can be the defined as direction or exercise of authority over subordinate or other organizations in respect to administration and support, including control of resources and equipment, personnel management, unit logistics, individual and unit training, readiness, mobilization, demobilization, discipline, and other matters, while Due Care is the degree of care that a person of ordinary prudence and reason (a reasonable man) would exercise under given circumstances. With this understanding we can see that Administrative Controls establish the ground work for an employee to understand and be able to do their job in accordance to the company’s policies and procedures. Administrative controls consist of approved written policies, procedures, standards and guidelines. Administrative controls form the basis for the selection and implementation of logical and physical controls. Logical and physical controls are manifestations of administrative controls. Some industry sectors have policies, procedures, standards and guidelines that must be followed – the Payment Card Industry (PCI) Data Security Standard required by Visa and Master Card is such an example. Other examples of administrative controls include the corporate security policy of Gramm-Leach-Bailey (GLB)...

Words: 2056 - Pages: 9

Premium Essay

Administrative Controls

...Week 2: Administrative Controls SE578 – Prof. Joseph Constantini By David Truong (D00571438) 1/18/2013 Table of Contents How do Administrative Controls demonstrate “due care?” 3 How does the absence of Administrative Controls impact corporate liability? 3 How do Administrative Controls influence the choice of Technical and Physical Controls 4 How would the absence of Administrative Controls affects prigects in the IT department 4 Summary 5 Reference 6   How do Administrative Controls demonstrate "due care?" Administrative Controls are guidelines that is set up by management in order to meet the standard that shows that how he company has taken precaution to prevent malicious intent as well as prevention against malicious intent. The controls that are implemented must show a degree in which the process is common and assist in the fortifying the company’s ability to prove its willingness to take action on correcting weaknesses within the company. This idea is also known as “due care.” They must include controls that contribute to individual accountability, ability to audit, and separation of duties. Administrative Controls can be identified with two specific category: detective administrative controls and preventative administrative controls. Ultimately, the purpose of Administrative Controls is to show that the company has taken the necessary precaution, the “due care,” to protect the confidentiality, integrity and availability...

Words: 896 - Pages: 4

Free Essay

Administrative Controls

...| Administrative Controls | | | Administrative controls are basically directives from the senior management that provide the essential framework for the organizations security infrastructure. Administrative controls consist of the procedures that are implemented to define the roles, responsibilities, policies and various administrative functions that are required to manage the control environment as well as necessary to oversee and manage the confidentiality, integrity and availability of the organizations information assets. Administrative controls can range from very specific to very broad and can vary depending on the organizational needs, particular industry, and legal implications. Administrative controls can generally be broken down into six major categories which include operational policies and procedures, personnel security, evaluation, and clearances, security policies, monitoring, user management, and privilege management. Ultimately, the senior management within an organization must decide what role security will play within the organization and define the security goals and directives. Due care by definition is the care that an ordinary and reasonable person would take over their own property or information. An example of this would for a person to place documents that contain sensitive information such as social security cards, passports, etc. in a locked safe within their home. This measure is taken to ensure that only those individuals with authorized...

Words: 1204 - Pages: 5

Premium Essay

Administrative Controls

...Administrative Controls Paper 1. How do Administrative Controls demonstrate "due care?" Administrative controls demonstrate “due care” because they are controls that meet a standard considered reasonable by most organizations that share similar backgrounds or work environments. Administrative controls that meet the standard of “due care” generally are easily achievable for an acceptable cost and reinforce the security policy of the organization. They must include controls that contribute to individual accountability, auditability, and separation of duties. Administrative controls define the human factors of security and involve all levels of personnel within an organization. They determine which users have access to what organizational resources and data. Administrative controls can be broken down into two categories: preventive administrative controls and detective administrative controls. Preventive administrative controls are techniques designed to control personnel’s behavior to assure the confidentiality, integrity, and availability of organizational information. Some examples of preventive administrative controls are: security awareness and technical training, separation of duties, disaster preparedness and recovery plans, terminating and recruiting procedures, and user registration for computer access. 2. How does the absence of Administrative Controls impact corporate liability? The absence of administrative controls will have a negative impact on corporate liability...

Words: 902 - Pages: 4

Premium Essay

Administrative Controls

...How do Administrative Controls demonstrate “due care?” First, the definition of “due care” is the care that a reasonable man would exercise under the circumstances; the standard for determining legal duty. In the case of an information system, due care is a legal yardstick used to examine whether an organization took reasonable precautions to protect the Confidence, Integrity, and Availability (CIA) of an information system in a court of law. Organizations use Administrative Controls whereas management creates policies, standards and guidelines as well as a training and enforcement programs to ensure that the policies, standards and guidelines are being followed in order to protect the CIA of information within their information system. A lack of administrative controls suggests that management is negligent in understanding its responsibility to protect the information system usually contributing to theft, loss, or aid of a crime. How does the absence of Administrative Controls impact corporate liability? I feel that the absence of Administrative Controls would have a negative impact on corporate liability. If an organization handles Personal Identity Information (PII), whether personal, financial, or medical, they are legally responsible for the safe keeping of this information. Not having administrative controls in place to safeguard this information, an organization could be held liable should theft, loss or aid of a crime occur. Legislative actions such as the Gramm-Leach-Blailey...

Words: 591 - Pages: 3

Premium Essay

Administrative Control Paper

...This sample template is designed to assist the user in performing a Business Impact Analysis (BIA) on an information system. The template is meant only as a basic guide and may not apply equally to all systems. The user may modify this template or the general BIA approach as required to best accommodate the specific system. In this template, words in italics are for guidance only and should be deleted from the final version. Regular (non-italic) text is intended to remain. 1. Overview This Business Impact Analysis (BIA) is developed as part of the contingency planning process for the {system name}{system acronym}. It was prepared on {insert BIA completion date}. 1.1 Purpose The purpose of the BIA is to identify and prioritize system components by correlating them to the business process(es) the system supports, and by using this information to characterize the impact on the process(es) if the system were unavailable. The BIA is composed of the following three steps: 1. Determine business processes and recovery criticality. Business processes supported by the system are identified and the impact of a system disruption to those processes is determined along with outage impacts and estimated downtime. The downtime should reflect the maximum that an organization can tolerate while still maintaining the mission. 2. Identify resource requirements. Realistic recovery efforts require a thorough evaluation of the resources required to resume business processes and...

Words: 1287 - Pages: 6

Premium Essay

Administrative Law

...LAW 443 ADMINISTRATIVE LAW I NATIONAL OPEN UNIVERSITY OF NIGERIA SCHOOL OF LAW COURSE CODE: Law 443 COURSE TITLE: Administrative Law I 1 LAW 443 ADMINISTRATIVE LAW I Course Code: Course Title: Course Developer/Writer: Administrative Law I Law 443 Simeon Igbinedion, LL.B., LL.M., B.L., PH.D., Faculty of Law, University of Lagos. Professor Animi Awah Ifidon Oyakhiromen, LL.B, LLM, M.Phil, Ph.D, BL Course Editor: AG. Dean,/Programme Leader: Course Coordinator: Mr. Ayodeji ige, LLM, BL 2 LAW 443 ADMINISTRATIVE LAW I COURSE GUIDE CONTENTS PAGE Introduction ……………………………………………………………………….. 1 What You Will Learn in this Course …………………………………………….... 2 Course Aims ………………………………………………………………………. 3 Course Objectives ………………………………………………………………… 3 Study Units ……………………………………………………………………….. 3-4 Tutor-marked Assignment ……………………………………………………....... 4 References/Further Reading ……………………………………………...……. 4 3 LAW 443 ADMINISTRATIVE LAW I Introduction Consider a situation where your residential property in which you have lived for decades has been demolished by the authorities of the FCT, or the Lagos State Ministry of Environment for allegedly being located in an industrial area. Suppose some customs officers at a checkpoint found you in possession of items which they claim to be contraband and, therefore, seized pursuant to the new Customs policy of zero-tolerance of goods likely to endanger the economic growth or contribute to the...

Words: 42593 - Pages: 171

Free Essay

How to Find a Proposed Regulation

...How to Find a Proposed Regulation:   ASSIGNMENT QUESTIONS: 1a. Make sure you submit a copy of your proposed regulation as an attachment to the Dropbox with this template. The Dropbox allows you to attach multiple documents in the same submission. (5 points) 1b. Identify the administrative agency (full name, not just the acronym) which controls the regulation. Briefly explain why this agency and your proposed regulation interests you. If this proposed regulation will affect you or the business in which you are working, please explain how. It is not required that the proposed regulation affect you professionally or personally. You can use any regulation for this assignment so long as you are able to answer the questions posed here (Questions 1-5). (10 points) Answer: Centers for Disease Control and Prevention (CDC) - This specific agency, and proposed regulation, is of particular interest to me because of my past and future courses of study. My MPH degree was in public health with a concentration in disaster/emergency management so I want to ultimately aide in the education of my community to prevent communicable diseases. In the meantime, while working with medical students and clinical training sites, I am partially responsible for the health clearance of all of the students to ensure that they are able to do their clinical without risk of unnecessary exposure to harmful contagions. 2. Describe the proposal/change in your own words. (10 points) Answer: Influenza...

Words: 1143 - Pages: 5

Premium Essay

Week 2 Homework

...State the administrative agency which controls the regulation. Explain why this agency and your proposed regulation interests you (briefly). Will this proposed regulation affect you or the business in which you are working? If so, how? The administrative agency that controls this regulation is the Alcohol Tobacco Firearms and Explosives Bureau (The ATF), whose parent agency is the Department of Justice. This agency and its proposed regulation interests me because I am a supporter of the second amendment and I am opposed of any regulations that seek to limit the second amendment. I do not own any firearms, nor do I expect to receive any firearms in the immediate future, but my fiance’s father owns many firearms and, in the future, when he passes away, those guns are likely to be transferred to her and this legislation will affect that transfer by requiring the receiver of those firearms to verify that they are a “responsible person” This regulation will not affect the business in which I am working. That business is Verizon Wireless, which does not deal in any firearms (at least to my knowledge). I am interested in this subject from a purely academic point of view. Describe the proposal/change. This regulation would require a person legally receiving a firearm (ostensibly someone receiving it as a gift or as part of an inheritance) to prove that they are a “responsible person”, furthermore this “responsible person” would have to complete a form and submit photographs and...

Words: 796 - Pages: 4

Premium Essay

Week 2 Assignment Lgl Poli Ethcl Dimns of Busn.Docx

...1. State the administrative agency that controls the regulation. Explain why this agency and your proposed regulation interest you (briefly). Will this proposed regulation affect you, or the business in which you are working? If so, how? Submit a copy of the proposed regulation along with your responses to these five questions. The proposed regulation can be submitted as either a separate Word document (.doc) or Adobe file (.pdf). This means you will submit two attachments to the Week 2 Dropbox: (a) a Word document with the questions and your answers, and (b) a copy of the proposed regulation you used for this assignment. (10 points) The administrative agency that controls the specific regulation that I select is, “Office of the Secretary, Department of Defense (DoD).” Regulation: Child Development Programs (CDPs) ACTION: Interim final rule. This agency and the proposed regulation interest me because of my time spent in the military. While serving my country for I had seen many different changes take place due to new regulations imposed to the military by the DOD. In this case, the regulation is one that would have affected me if I was still in. CDP’s are of critical importance to the men and women that serve our country. Knowing that are government is attempting to increase the current level of assistance is gives CDP’s would be a big win for the government and the children and parents that will be impacted. 2. Describe the proposal/change. (10 points) The proposed...

Words: 1249 - Pages: 5

Free Essay

Administrative Law Introduction Recap

...WHAT IS ADMINISTRATIVE LAW? Broadly, AL might be defined as the legal control of govern’t More narrowly, AL consists of those legal principles at define the authority and structure of administrative agencies, specify the procedures agencies must follow, determine the validity of administrative decisions and define the role of reviewing courts and other organs of govern’t in relation to a.a. Each particular field of regulation has its corresponding substantive and procedural law. AL as such deals with the general principles and rules that cut across the particular substantive fields and apply t a.a. generally. These principles include 3 basic bodies of law: (1) constitutional law; (2) statutory law, including above all the APA; (3) a form of federal com mon law, embodied in judicial decisions that do not have a clear constitutional or statutory source. REGULATION Aa are engaged in regulation. Regulatory agencies develop and enforce prohibitions or obligations with which private firms and/or individuals must comply (some agencies aren’t regulatory, but benefactor: they’re engaged in disbursing govern’t benefits). PROBLEMS THOUGHT TO CALL FOR (ADMINISTRATIVE) REGULATION One can imagine a govern’t without agencies, but no govern’t can avoid “regulation”. The common law is in fact a regulatory system, although outside the definition set out above: it depends on the creation and enforcement , by law, of a set of rights, notably those creating private property and enforceable...

Words: 1898 - Pages: 8

Premium Essay

Administrative Law

...Dorothy Scroggins GM520 - Week 2 Assignment Administrative Law Assignment SEP10 1. State the administrative agency which controls the regulation. Explain why this agency and your proposed regulation interests you (briefly). Will this proposed regulation affect you or the business in which you are working? If so, how? I chose the Department of Public Safety, Division 45: Missouri Gaming Commission, Chapter 5: Conduct of Gaming. One of the many benefits Casinos love to share is that money from their profits will go to a public school fund. 2. Describe the proposal/change. The Gaming Commission is proposing an amendment to 11 CSR 45-5.051, Minimum Standards for Blackjack. The amendment will allow a floor supervisor (Pit-Boss) may direct the dealer to shuffle the cards after any round of play is completed and all wagers have been resolved. It won’t affect me directly but depending on how the Pit-Boss uses this internal control method, it could help or harm the Fund that is generated for Public Schools. Shuffling the cards in the middle is a deck is used to stop the current momentum. If the player(s) at the table are hot then this can break a streak that is cutting into the Casino’s profits. In this case it’s a win for the Public School Fund. 3. Write the public comment which you would submit to this proposal. If the proposed regulation deadline has already passed, write the comment you would have submitted. Explain briefly what you wish to accomplish with your...

Words: 669 - Pages: 3

Free Essay

Gm454

...Week 2 Homework Help 1. State the administrative agency which controls the regulation. Explain why this agency and your proposed regulation interests you (briefly). Will this proposed regulation affect you or the business in which you are working? If so, how? Submit a copy of the proposed regulation along with your responses to these five questions. The proposed regulation can be submitted as either a separate Word document (.doc) or Adobe file (.pdf). This means you will submit two attachments to the Week 2 Dropbox: (1) a Word doc with the questions and your answers and (2) a copy of the proposed regulation you used for this assignment. (10 points) Interstate Commerce Commission (ICC) regulated interstate surface transportation between 1887 and 1995. This interests me because of the changes of transportation. Yes, it does affect me because they are doing price controls and entry controls on the collective vendor’s price setting in the United States transportation. 2. Describe the proposal/change. (10 points) It is regulated through varies transportation modes starting with the railroad industry and later the trucking and airline industry. 3. Write the public comment which you would submit to this proposal. If the proposed regulation deadline has already passed, write the comment you would have submitted. Explain briefly what you wish to accomplish with your comment. (10 points) Deregulation—freeing up the trucking market to permit much more flexible pricing and service...

Words: 269 - Pages: 2

Free Essay

Mgm520-Wk2 Homework

...Week 2 Homework – Administrative Law Assignment State the administrative agency which controls the regulation. Explain why this agency and your proposed regulation interest you (briefly). Will this proposed regulation affect you or the business in which you are working? If so, how? Submit a copy of the proposed regulation along with your responses to these five questions. The proposed regulation can be submitted as either a separate Word document (.doc) or Adobe file (.pdf). This means you will submit two attachments to the Week 2 Dropbox: (a) a Word document with the questions and your answers and (b) a copy of the proposed regulation you used for this assignment. (10 points) Department of Health and Human Services – Food and Drug Administration As an independent pharmaceutical representative currently contracted with a company who manufactures, markets and samples prescription drugs for colds, coughs and allergies this will have a significant impact on my prescription product line. 2. Describe the proposal/change. (10 points) The proposal will no longer allow the marketing, production, distribution and or sell of unapproved FDA prescription drugs for colds, coughs and allergies. 3. Write the public comment that you would submit to this proposal. If the proposed regulation deadline has already passed, write the comment you would have submitted. Explain briefly what you wish to accomplish with your comment. (10 points) My comment is that although these drugs...

Words: 953 - Pages: 4

Free Essay

Markets and Non Markets

...Deregulation, 4. Intellectual Property Protection 5. Human Rights 6. International Trade Policy 7. Regulation & Anti-trust 8. Activist Pressures 9. Media Coverage of Business 10. Corporate Social Responsibility & 11. Ethics Management & Managers is both responsible for formulating and implementing nonmarket as well as market strategies. Market Environment determines significance of nonmarket issues to the firm. Nonmarket Environment shapes opportunities in the marketplace. Market Environment Nonmarket Environment a) Competitive a. Competitive b) Performance is determined by competition among firms as directed by their market or competitive strategies. b. Legislation, regulation, administrative...

Words: 1536 - Pages: 7