Administrative Controls

In: Computers and Technology

Submitted By btallen
Words 2056
Pages 9
Professor Patrick Coyle
January 17, 2015
SEC578
Keller Grad School Of Mgmt

How do Administrative Controls demonstrate “due care”?

To better answer this question lets define “Administrative Controls” and “Due Care.” Administrative Controls can be the defined as direction or exercise of authority over subordinate or other organizations in respect to administration and support, including control of resources and equipment, personnel management, unit logistics, individual and unit training, readiness, mobilization, demobilization, discipline, and other matters, while Due Care is the degree of care that a person of ordinary prudence and reason (a reasonable man) would exercise under given circumstances. With this understanding we can see that Administrative Controls establish the ground work for an employee to understand and be able to do their job in accordance to the company’s policies and procedures.

Administrative controls consist of approved written policies, procedures, standards and guidelines. Administrative controls form the basis for the selection and implementation of logical and physical controls. Logical and physical controls are manifestations of administrative controls. Some industry sectors have policies, procedures, standards and guidelines that must be followed – the Payment Card Industry (PCI) Data Security Standard required by Visa and Master Card is such an example. Other examples of administrative controls include the corporate security policy of Gramm-Leach-Bailey (GLB), which pertains to financial records maintained by brokerages, banks, lending institutions, and credit unions. GLB addresses the need for CIA over the financial records of consumers, and it outlines specific obligations that must be taken by these institutions to protect the data associated with such records.

Due care policies identify the level of care used to…...

Similar Documents

Administrative Accountability

...Administrative accountability There have been regular attempts at administrative reforms and innovation, both at the Centre and in the States, including starting new institutions and systems in India since 1947. Although the results have been strong on assurances and weak on performance. Thus the results have not been commensurate with our hopes and needs. Further, besides persistence of problems of administration with increasing severity, we have also witnessed in succeeding decades acceleration in the process of degeneration in our socio-economic-political and administrative scenario. Today the situation has become so alarming now that even the law and order situation in many parts of the country, rural as well as urban, presents a depressing picture Today people expect a prompt and effective response to their problems and concerns in this Information Technology era. As the Public Administration machinery expands and becomes more complex, the need for holding it properly accountable is more acutely felt principal problem of governmental administration today is not one of securing efficiency but one of insuring accountability; In India the assumption in the context of democracy, is that the civil servants work for the people. But the problem of locating accountability therefore becomes acute because of the nature of the job performed and power exercised by the civil servants. Today they are no longer confined to the job of implementing the policies and executing the......

Words: 647 - Pages: 3

Administrative Ethics

...of 1996, the Health Insurance Portability and Accountability Act (HIPPA) were passed into law (Van der Aa, 2000). The law is intended to improve the efficiency and effectiveness of the health care system by standardizing how to exchange data for specific administrative and financial transactions, while protecting the security and confidentiality of that information (Van der Aa, 2000). The areas addressed for HIPPA are: • Concerns that disclosure of patient medical records could result in embarrassment, insurance declination, loss of employment, or failure to be hired in a new job; • Increasing costs of data exchange in an incompatible and often competing standards environment to exchange administrative and financial data; • Implement processes and systems to reduce fraud (Van der Aa, 2000). HIPPA was signed into law, to help create a standard that will protect patient’s medical records and personal health records. This act is to help the health care employees have more control of a patient’s information and its privacy. This act also gives the patient the right to control their own information. Apart from the right to inspect, amend and correct their confidential health information, patients now have the right to control what information can be released and to whom (Van der Aa, 2000). The following case study is an opportunity to review ethical issues relative to confidentiality. This case study is a backdrop for the ethical analysis of issues by an administrator......

Words: 1750 - Pages: 7

Administrative Controls

...Week 2: Administrative Controls SE578 – Prof. Joseph Constantini By David Truong (D00571438) 1/18/2013 Table of Contents How do Administrative Controls demonstrate “due care?” 3 How does the absence of Administrative Controls impact corporate liability? 3 How do Administrative Controls influence the choice of Technical and Physical Controls 4 How would the absence of Administrative Controls affects prigects in the IT department 4 Summary 5 Reference 6   How do Administrative Controls demonstrate "due care?" Administrative Controls are guidelines that is set up by management in order to meet the standard that shows that how he company has taken precaution to prevent malicious intent as well as prevention against malicious intent. The controls that are implemented must show a degree in which the process is common and assist in the fortifying the company’s ability to prove its willingness to take action on correcting weaknesses within the company. This idea is also known as “due care.” They must include controls that contribute to individual accountability, ability to audit, and separation of duties. Administrative Controls can be identified with two specific category: detective administrative controls and preventative administrative controls. Ultimately, the purpose of Administrative Controls is to show that the company has taken the necessary precaution, the “due care,” to protect the confidentiality, integrity and......

Words: 896 - Pages: 4

Administrative Control Paper

...This sample template is designed to assist the user in performing a Business Impact Analysis (BIA) on an information system. The template is meant only as a basic guide and may not apply equally to all systems. The user may modify this template or the general BIA approach as required to best accommodate the specific system. In this template, words in italics are for guidance only and should be deleted from the final version. Regular (non-italic) text is intended to remain. 1. Overview This Business Impact Analysis (BIA) is developed as part of the contingency planning process for the {system name}{system acronym}. It was prepared on {insert BIA completion date}. 1.1 Purpose The purpose of the BIA is to identify and prioritize system components by correlating them to the business process(es) the system supports, and by using this information to characterize the impact on the process(es) if the system were unavailable. The BIA is composed of the following three steps: 1. Determine business processes and recovery criticality. Business processes supported by the system are identified and the impact of a system disruption to those processes is determined along with outage impacts and estimated downtime. The downtime should reflect the maximum that an organization can tolerate while still maintaining the mission. 2. Identify resource requirements. Realistic recovery efforts require a thorough evaluation of the resources required to resume business processes......

Words: 1287 - Pages: 6

Administrative Controls

...How do Administrative Controls demonstrate “due care?” First, the definition of “due care” is the care that a reasonable man would exercise under the circumstances; the standard for determining legal duty. In the case of an information system, due care is a legal yardstick used to examine whether an organization took reasonable precautions to protect the Confidence, Integrity, and Availability (CIA) of an information system in a court of law. Organizations use Administrative Controls whereas management creates policies, standards and guidelines as well as a training and enforcement programs to ensure that the policies, standards and guidelines are being followed in order to protect the CIA of information within their information system. A lack of administrative controls suggests that management is negligent in understanding its responsibility to protect the information system usually contributing to theft, loss, or aid of a crime. How does the absence of Administrative Controls impact corporate liability? I feel that the absence of Administrative Controls would have a negative impact on corporate liability. If an organization handles Personal Identity Information (PII), whether personal, financial, or medical, they are legally responsible for the safe keeping of this information. Not having administrative controls in place to safeguard this information, an organization could be held liable should theft, loss or aid of a crime occur. Legislative actions such as the......

Words: 591 - Pages: 3

Administrative Regulation

...Week 2 Homework-Administrative Regulations K’Asha Nesbitt November 9, 2013 1. State the administrative agency which controls the regulation. Explain why this agency and your proposed regulation interest you (briefly). Will this proposed regulation affect you or the business in which you are working? If so, how? The Department of Health and Human Services as well as the Food and Drug Administration controls the regulation. This particular regulation interests me because I am a Systemic Lupus Erythematous (SLE) patient and I have been suffering from this illness for over 10 years. There is a chance that somewhere in the near future I could develop Lupus Nephritis (LN) (renal disease stemming from SLE). Yes, this regulation could affect me in a positive manner. If the FDA approves treatment and new drugs to help suppress SLE, this could mean less people will develop LN. 2. Describe the proposal/change. The proposal is to create guidance for unmet medical needs for more effective and less toxic treatments. This proposal will help to develop human drugs, therapeutic biological products and medical devices for the treatment of Lupus Nephritis caused by Systemic Lupus Erythematous (SLE). 3. Write the public comment that you would have written. Explain briefly what you wish to accomplish with your comment. My comment is that more people are developing this debilitating disease and there aren’t many drugs and treatments that help to suppress the inflammation. I was......

Words: 836 - Pages: 4

Administrative Agencies

...Administrative Agencies This write-up expounds on Group Four’s perspective of how agencies in the United States of America affect our lives. The group has provided a list of agencies that play similar and at times very different roles in ensuring the quality of life we have come to expect is never compromised. The write-up explains some of Group Four members’ real life experiences, offering recommendations as to how one should address the negative impact(s) a particular agencies has had on his or her life. Lastly, the write-up explains the role of the courts in address any negative experiences any individual may have had with any of the agencies and the limitations of the courts’ review of the agencies decisions that lead to the negative impact. Which agencies regulate some aspect of your lives? The longer the list, the more interesting this exercise should be, so take some time to brainstorm a thorough answer to this question. Federal Agencies CDC Centers for Disease Control and Prevention EEOC United States Equal Employment Opportunity Commission EPA United States Environmental Protection Agency FAA Federal Aviation Administration FCC Federal Communications Commission FDA Food and Drug Administration FDIC Federal Deposit Insurance Corporation FED Board of Governors of the Federal Reserve System FTC Federal Trade Commission HHS United States Department of Health and Human Services HRSA Health Resources and Services......

Words: 2314 - Pages: 10

Administrative Law

...LAW 443 ADMINISTRATIVE LAW I NATIONAL OPEN UNIVERSITY OF NIGERIA SCHOOL OF LAW COURSE CODE: Law 443 COURSE TITLE: Administrative Law I 1 LAW 443 ADMINISTRATIVE LAW I Course Code: Course Title: Course Developer/Writer: Administrative Law I Law 443 Simeon Igbinedion, LL.B., LL.M., B.L., PH.D., Faculty of Law, University of Lagos. Professor Animi Awah Ifidon Oyakhiromen, LL.B, LLM, M.Phil, Ph.D, BL Course Editor: AG. Dean,/Programme Leader: Course Coordinator: Mr. Ayodeji ige, LLM, BL 2 LAW 443 ADMINISTRATIVE LAW I COURSE GUIDE CONTENTS PAGE Introduction ……………………………………………………………………….. 1 What You Will Learn in this Course …………………………………………….... 2 Course Aims ………………………………………………………………………. 3 Course Objectives ………………………………………………………………… 3 Study Units ……………………………………………………………………….. 3-4 Tutor-marked Assignment ……………………………………………………....... 4 References/Further Reading ……………………………………………...……. 4 3 LAW 443 ADMINISTRATIVE LAW I Introduction Consider a situation where your residential property in which you have lived for decades has been demolished by the authorities of the FCT, or the Lagos State Ministry of Environment for allegedly being located in an industrial area. Suppose some customs officers at a checkpoint found you in possession of items which they claim to be contraband and, therefore, seized pursuant to the new Customs policy of zero-tolerance of goods likely to endanger the economic growth or contribute to......

Words: 42593 - Pages: 171

Administrative Agencies

...Aviation Law Section 8.) Administrative Agencies Assignment: Administrative Agencies Introduction As the aviation industry and environment has evolved over the years, the importance of administrative agencies has increased. Some of the driving forces behind this change in importance include the rapid development of new technologies, the desire to increase safety, and environmental concerns such as increased efficiency. Instructions For this assignment, complete the following: Research the roles of the Federal Aviation Administration (FAA), National Transportation Safety Board (NTSB), and Department of Transportation (DOT). Answer the following questions: 1. Explain the role of the FAA and why you think it is or isn't necessary. 2. Explain the role of the NTSB in aviation and why you think it is or isn't necessary. 3. Explain the role of the DOT in aviation and why you think it is or isn't necessary. 1. Explain the role of the FAA and why you think it is or isn’t necessary. Answer: The FAA was not always known as the FAA. It sprung up as a result from the Civil Aeronautics Act by relieving its responsibilities from the Commerce Department and formed its own Civil Aeronautics Authority. Roosevelt later divided the agencies into the Civil Aeronautics Administration and Civil Aeronautics Board in 40’s. As a result of jet travel and accidents the Federal Aviation Act of 1958 brought forth the FAA. The main roles of the FAA is to regulate air......

Words: 620 - Pages: 3

Administrative

...Administrative Ethics Jennifer Coetzee 11/26/12 HCS/335 Susan Morgan Administrative Ethics: There are so many issues in today’s society of administration in the health field. As technology progresses more and more issues continue to arise. Among the many issues in current administrative ethics the healthcare field faces today the most common issue that I found in my research is the issue of confidentiality and privacy of the patients. Even more today than there has been before keeping patients records private has become more and more difficult. There are different levels of information that can be affected. According to nursingworld.org the administrator protects information that is private, secret or privileged. This means that not all information is medical information about the patient but also information about the payroll or other contact information about the patient and the staff. This also would include information the patient does want their doctor to know about them which would be more privileged information and things they do not want their doctors to share with others. One of the main issues with keeping such information confidential according to the article Administrative Ethics and Confidentiality/Privacy Issues on nursingworld.org is that most often younger people are working in offices that do not respect or have accurate knowledge of the privacy laws such as HIPPA. Hippa is a government list of regulation and rules to abide by in any medical......

Words: 1311 - Pages: 6

Administrative Functions

...Administrative functions Administrators, broadly speaking, engage in a common set of functions to meet the organization's goals. These "functions" of the administrator are described as follows. * Planning - is deciding in advance what to do, how to do it, when to do it, and who should do it. It maps the path from where the organization is to where it wants to be. The planning function involves establishing goals and arranging them in a logical order. Administrators engage in both short-range and long-range planning. * Organizing - involves identifying responsibilities to be performed, grouping responsibilities into departments or divisions, and specifying organizational relationships. The purpose is to achieve coordinated effort among all the elements in the organization (Coordinating). Organizing must take into account delegation of authority and responsibility and span of control within supervisory units. * Staffing - means filling job positions with the right people at the right time. It involves determining staffing needs, writing job descriptions, recruiting and screening people to fill the positions. * Directing (Commanding) - is leading people in a manner that achieves the goals of the organization. This involves proper allocation of resources and providing an effective support system. Directing requires exceptional interpersonal skills and the ability to motivate people. One of the crucial issues in directing is to find the correct balance......

Words: 299 - Pages: 2

Administrative Controls

...Administrative Controls How do Administrative Controls Demonstrate Due Care Administrative controls entail several items including procedures, written policies, specific principles, guidelines, and trainings that are established to control the actions of individuals. Administrative controls actually classify the human factors of security and encompass every level of personnel within a company. This is how access is decided for every user; it’s based on the needs of the business. In terms of due care, this is a reflection of responsibility a company has taken for their actions within their company to provide the necessary protection. Due care is evident through specific controls established to confirm management is cognizant of the activities in their company. For example, I work for a healthcare company and controls are set in place to block all social networking sites from being accessed on the company network. This provides protection for the employees from accessing non-company related materials and it decreases the company’s chances malicious activity caused by accessing those sites. We also participate in employee trainings, which is also considered an administrative control. This is considered due care because we are trained to understand policies and procedures. When we start all training sessions, there are forms we have to complete stating that we are entering a specific course and we receive documentation at the end of the training session to reflect......

Words: 1040 - Pages: 5

Administrative Agency

...Pick an administrative agency of either the federal or a state government. Find where the current and proposed regulation changes for that agency are located on the Internet. (i.e., the Federal Register or the State Administrative Agency website.) Regulations.gov is a good place to begin your research. Pick one proposed regulation change currently under consideration (if you find one that has already closed out but interests you, you can use that instead) and write the following regarding it: 1. State the administrative agency which controls the regulation. Explain why this agency and your proposed regulation interest you (briefly). Will this proposed regulation affect you or the business in which you are working? If so, how? Submit a copy of the proposed regulation along with your responses to these five questions. The proposed regulation can be submitted as either a separate Word document (.doc) or Adobe file (.pdf). This means you will submit two attachments to the Week 2 Dropbox: (a) a Word document with the questions and your answers and (b) a copy of the proposed regulation you used for this assignment. (10 points) U.S. Department of Education- This regulation really interests me because this regulation will make it harder for students to receive educations and the percent of college graduate will be lower. I am a fan of college graduates actually graduating and obtaining their degree. With that being said, this topic has my interest 100%. 2. Describe the......

Words: 1116 - Pages: 5

Administrative Controls

...Administrative Controls Paper 1. How do Administrative Controls demonstrate "due care?" Administrative controls demonstrate “due care” because they are controls that meet a standard considered reasonable by most organizations that share similar backgrounds or work environments. Administrative controls that meet the standard of “due care” generally are easily achievable for an acceptable cost and reinforce the security policy of the organization. They must include controls that contribute to individual accountability, auditability, and separation of duties. Administrative controls define the human factors of security and involve all levels of personnel within an organization. They determine which users have access to what organizational resources and data. Administrative controls can be broken down into two categories: preventive administrative controls and detective administrative controls. Preventive administrative controls are techniques designed to control personnel’s behavior to assure the confidentiality, integrity, and availability of organizational information. Some examples of preventive administrative controls are: security awareness and technical training, separation of duties, disaster preparedness and recovery plans, terminating and recruiting procedures, and user registration for computer access. 2. How does the absence of Administrative Controls impact corporate liability? The absence of administrative controls will have a negative impact on corporate......

Words: 902 - Pages: 4

Administrative Controls

...| Administrative Controls | | | Administrative controls are basically directives from the senior management that provide the essential framework for the organizations security infrastructure. Administrative controls consist of the procedures that are implemented to define the roles, responsibilities, policies and various administrative functions that are required to manage the control environment as well as necessary to oversee and manage the confidentiality, integrity and availability of the organizations information assets. Administrative controls can range from very specific to very broad and can vary depending on the organizational needs, particular industry, and legal implications. Administrative controls can generally be broken down into six major categories which include operational policies and procedures, personnel security, evaluation, and clearances, security policies, monitoring, user management, and privilege management. Ultimately, the senior management within an organization must decide what role security will play within the organization and define the security goals and directives. Due care by definition is the care that an ordinary and reasonable person would take over their own property or information. An example of this would for a person to place documents that contain sensitive information such as social security cards, passports, etc. in a locked safe within their home. This measure is taken to ensure that only those individuals with......

Words: 1204 - Pages: 5