Administrative Security

Information Security Professiona
Administrative controls are perhaps most important, because they most directly impact your people.  On the one hand, they are the simplest, since all it takes is education.  On the other hand, education about the hazards of smoking or the possibility that having sex causes pregnancy hasn’t done much to change behaviors in those realms.  Well, rather than throw up our hands and give up, let’s tackle administrative controls anyhow.
 
Administrative controls are the hardest to implement because people must understand them, accept them, and implement them correctly—again, and again, and again.  Think of holding a rubber band stretched between your outstretched hands exactly the same distance apart 24 hours a day, 7 days a week, 365 days a year and you’ll realize why seriously scrappy information security people don’t rely solely on these approaches to keep a system safe.  

At the heart of administrative security are your policies and standards, which form the basis of your organization’s entire information security program.  My experience is that the average user considers the rules to be, at worst, an impediment, a business dis-enabler, if you will.  At best, users are apathetic towards, or simply uninformed about, policies. 

As someone who writes them for a living, I will use my next post to spend a minute on my soapbox. 
