The Effects of Administrative Controls

The Effects of Administrative, Technical, and Physical Controls on Security

Abstract

Administrative, Technical, and Physical Controls can impact any organization’s security measures if implemented effectively. To be implemented effectively, organizations must clearly define the policies, procedures, or guidelines they set forth throughout each control mentioned above. This document addresses what an organization should do in order to eliminate a false sense of security. It will also define some potential consequences when verification practices aren’t present. Thus, it will mention what organizations can do to enhance their defense-in-depth strategy and how these activities can relate to “best practices”. Finally, the reader will also be able see how those same activities demonstrate regulatory compliance.

The Effects of Administrative, Technical, and Physical Controls on Security

It has been asked: “How could Administrative, Technical, and Physical Controls introduce a false sense of security?” Although it’s great to have administrative, technical, and physical controls in place, but for them to be effective an organization must go beyond the realm of securing their assets. For either of these controls to be effective, an organization has to remember that these three controls should not only include security measures against outside forces, but also from potential threats within their network (i.e., employees/users).

For example, once the administrative, technical, and physical controls are established and are made known to each individual within an organization, the company should mandate training sessions for all users. These training sessions would help users understand what each policy within each control entails and it should also explain what is expected from each user.

Each control has the potential to introduce a false sense of security if any of their defined policies aren’t enforced. An example of a control, according to Red Hat...