By Edward J. Hawkins, II
Contributor, In Cyber Defense
One of the most challenging aspects of a security program is translating administrative security into its logical counterparts. While it may sound easy to say, “I want a website for e-commerce and nothing else,” it is not always easy to create that website in a secure fashion, even though implementation has gotten better over time.
That’s not to say this process is difficult, but some of the laws involved can be quite exhaustive and confusing. This is where administrative security comes in and sets the stage for logical and physical security plans.
The Legalities Involved in Administrative Security
Administrative security is where an organization takes into consideration its mission statement (i.e., its reason for being in business) and the laws and regulations under which the organization will operate. In turn, this becomes the framework for the information that needs to be protected.
Almost every author who writes about the legal frameworks of information technology (IT), policies and risk management addresses the four primary laws and one industry regulation. The four primary laws…