A fair to large amount of technical threats can be mitigated through administrative controls. One could think of administrative controls harshly as “idiot rules” as a lot of administrative controls protect personal procedures, general access from unauthorized roles or the common internal mistake.
Administrative controls extend further then just fool proofing, they also involve security policies, information classification, investigations and testing. Security policies, security awareness programs, testing and separation of duties are all preventive controls to prevent technical threat agents from committing cybercrime. Security policies ensure that information technology is aligned with the organizations goals and risk matrix. Testing ensures new deployments will not create weaknesses in existing fortified units and the separation of duties will prevent unauthorized users from gaining access to corporate areas without the enterprises authority.
Investigations along with monitoring and supervising are detective administration controls. These controls protect the enterprise from technical threats by providing information. When threats become problems, information is your best friend. Information found from monitoring and investigations can aid in reversing extremely problematic situations.
Administrative controls are the for-runner of the physical, technical and administrative pyramid as Administrative controls can determine both your physical and technical controls. An enterprise should have thorough administrative controls in place and reviews regularly.