© Raymond Pompon 2016

Raymond Pompon, IT Security Risk Control Management, 10.1007/978-1-4842-2140-2_13

13. Administrative Controls

Raymond Pompon

(1)Seattle, Washington, USA

Don’t write with a pen. Ink tends to give the impression the words shouldn’t be changed.

—Richard Hugo, The Triggering Town

There is a tendency to lean for security practitioners to heavily on technical and physical controls. Machines do the same thing every time, forever and ever. Humans are more variable in their execution of tasks. However, we aren’t at the point where machines run themselves (I for one welcome our new robot overlords). Administrative controls are how you manage all this technology and associated controls in accordance with your stated security goals. We’ve ...

Get IT Security Risk Control Management: An Audit Preparation Plan now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.