Administrative Controls

Policy and Process-Based Security

What are Administrative Controls?

Administrative Controls are security measures implemented through policies, procedures, and governance frameworks rather than technical mechanisms. They define how security is managed within an organization.

Examples include security policies, User Awareness Training, incident response procedures, and Risk Assessment processes. These controls complement Technical Controls and Physical Controls within a Defense in Depth strategy.

What are Administrative Controls used for?

Administrative controls are used to establish governance, define responsibilities, and guide employee behavior. They are essential for ensuring compliance with regulations such as ISO/IEC 27001 and frameworks like NIST Cybersecurity Framework.

They help reduce risks such as Social Engineering and Insider Threat by promoting awareness and enforcing structured processes. They also support Governance, Risk, and Compliance (GRC) initiatives.

Continue reading

The Open Worldwide Application Security Project (OWASP)
Application Security Initiative
NIST SP 800-160
Systems Security Engineering Standard
Identification, Authentication, Authorization, and Accountability (IAAA)
Core Access Management Framework

Please note!
Any use of this website requires prior agreement to our Terms of Use, Privacy Policy, and Cookie Policy.
If you do not fully agree to all of them, do not use this website.