What is an example of an administrative security control?

An example of an administrative security control is the creation of an incident response plan. Administrative controls focus on policies, procedures, and regulations that govern how an organization manages and protects its information assets. An incident response plan outlines the steps to take in the event of a security breach or incident, ensuring that there is a structured response to mitigate damage and recover effectively. This kind of planning is fundamental to preparing an organization to handle security incidents, making it an essential part of an overall security strategy.

In contrast, other options represent different categories of security controls. Issuing smart access cards pertains to physical security controls, which are measures put in place to protect physical access to facilities and assets. Backing up system files regularly is an example of a technical control focused on data protection and recovery. Installing a firewall is also a technical control, specifically related to network security, aimed at protecting the network from unauthorized access and attacks. While all are important aspects of a comprehensive security strategy, only the creation of an incident response plan falls under the administrative security controls category.