Technical Controls

Submitted By ispep13
Administrative Controls

•How do Administrative Controls demonstrate "due care?"
Administrative Controls demonstrate “due care” by providing and following policies, procedures, and standards that allow a company to show that steps were taken to protect the network and/or the information that is hidden by responsible parties. The CIA triad (Confidentiality, Integrity and Availability) is vital in protecting the data that companies hold about their customers. Due care is defined by the Information Systems Audit and Control Association (ISACA) as:
2.1.1 The standard of “due care” is the level of diligence which a prudent and competent person would exercise under a given set of circumstances. “Due professional care” applies to an individual who professes to exercise a special skill such as information system auditing. Due professional care requires the individual to exercise that skill to a level commonly possessed by practitioners of that specialty.

2.1.2 Due professional care applies to the exercise of professional judgment in the conduct of work performed. Due care implies that the professional approaches matters requiring professional judgment with proper diligence.
Despite the exercise of due professional care and professional judgment, situations may nonetheless arise where an incorrect conclusion may be drawn from a diligent review of the available facts and circumstances. Therefore, the subsequent discovery of incorrect conclusions does not, in and of itself, indicate inadequate professional judgment or lack of diligence on the part of the IS auditor. (Information Sys)
Administrative Controls and due care should go hand in hand. One cannot hope to demonstrate due care without having the proper administrative controls, such as a good Information Technology protection plan. An example of an administrative control is when a company requires you to change your password every 90 days and to use a 14-character combination of letters, numbers and symbols that protects against dictionary attacks. The emergence of being asked a question before you type a password to get into your bank account is a form of policy and procedure showing that a company attempted a form of due care. A lack of administrative controls will negatively affect the corporation. It will carry a huge liability if it did not offer any controls to protect the network and its customers’ information. A lack of administrative controls shows that no due care was taken. This leaves the door open to corporate lawsuits. With all of the different laws and regulations at the federal level, such as the Health Insurance Portability and Accountability Act (HIPAA), the Family Educational Rights and Privacy Act (FERPA), and Sarbanes-Oxley (SOX), it would be a pure act of negligence if a corporation avoided administrative controls for due care. Operating without any administrative controls shows a blatant lack of consideration for your customers’ information and privacy.
•How do Administrative Controls influence the choice of Technical and Physical Controls?
Policies, procedures and best practices influence the technical and physical controls. Administrative controls guide the corporation on what must be done in order to protect the network. When those policies are implemented you get things like the gold standard or a baseline image. A company will know that this image can be patched or does not have any security weaknesses at the moment it was created. Policies created by administrative controls will state that scans will be done on computers and that if an information assurance vulnerability assessment (IAVA) is found on the system then it will be patched with an update. If it cannot be patched then it may be quarantined until it can be repaired. Some physical controls work with technical controls. If a computer is off the network for a certain period of time, the employee will not be allowed to physically connect it back to the network until it has been scanned for viruses, thus protecting the network and customers’ information from possible malware attacks. An Intrusion Detection System is a technical control: it detects when someone infiltrates a system and gives the defenders a warning that something has gone wrong. The policies or procedures that a company could adopt for physical controls could limit access to certain areas by a sign or common access card (CAC). This physically stops people from entering sensitive areas or reaching computer systems that may hold valuable information. Physical controls include locks, barriers, mantraps and even location-specific controls.
•How would the absence of Administrative Controls affect projects in the IT department?
The absence of Administrative Controls would affect the projects in the IT department by creating a wild west of planning. For example, if you were to plan installing secret internet in a building without following any administrative controls, there is a good chance that it would not be in compliance with the Chief Information Office and would probably fail an inspection. This happened to a company that I used to work for. They spent a lot of money on installing the cables but they had to have the right type of Protective Distribution System (PDS). The higher authorities will not turn on this specific internet if the policies were not followed. In some places you may get far enough to install or complete some parts of the project; however, if the project is large enough, you will eventually get penalized and have a faulty system that should really not be in operation. You may have spent millions of dollars on something that is not even compliant with current laws, and you open yourself up to lawsuits if it could be proved that you did not take proper due care and did not have administrative controls in place before you started an Information Technology project.

References
Administrative controls-lecture. (n.d.). Retrieved from http://www.devryu.net/re/DotNextLaunch.asp?courseid=8667805&userid=2180995&sessionid=e44a8b3d0a&tabid=8SYJe0ytNKmuZiBnS6/1Iv4aM1sBUKkIIMARSCLlwPu9IzXCRecSN0IzdxJEwgC&sessionFirstAuthStore=true&macid=pcMJlvDH657/SeG7FxJmuP4oiZRtCTGb4UBFW7WdYd89IM1d0fvynK3q/x91BQ4SrlsC5s6c4rephksP5fzlK0KkGg9UQM8oOh33muetKsVsVjLv9ksurHzQmpZpeF3FxynMhgJfEihpEKomwd/FVLL4x6LWzWVW9DTg6gqj5AySVW41gMxHV0hcxSKRmsPDUHZsUy6Cf1FzJddTTMJc5TmkXzHpzgh/rwCAE57aZs=
Cantrell, B. (n.d.). Due care in the computing environment. Retrieved from http://www.giac.org/cissp-papers/142.pdf
Information Systems Audit and Control Association (ISACA). Retrieved from http://www.isaca.org/ContentManagement/ContentDisplay.cfm?ContentID=18550
Northcutt, S. (2009, September 1). Security controls. Retrieved from http://www.sans.edu/research/security-laboratory/article/security-controls
U.S. Department of Agriculture, Food Safety and Inspection Service. (2012). System and information integrity (1306.6). Retrieved from website: http://www.fsis.usda.gov/wps/wcm/connect/5f23b121-3b79-448d-8f7a-b0ec4f6596fc/1306.6.pdf?MOD=AJPERES…...
