Administrative controls relate to the procedural elements of risk mitigation, including avoiding lapses in policies, procedures, or security activities and setting acceptable use terms for employees. For example, a company that does not restrict employee web-surfing may leave itself open to potential threats. Technical controls relate to the actual technology itself, such as having a secure wireless connection and passwords that are difficult to hack. Physical controls relate to physically ensuring that the premises are difficult to access, which such as having security guards posted at all exterior doors. Systems must be safeguarded on all of these various fronts -- employees must know how to ensure that their behavior enhances security, and procedures must be clearly delineated. The system itself must be technically up-to-date and protected using controls such as firewalls. Impingements from outside by potential assailants (such as a terrorist 'hacker' posing as an employee) must also be carefully guarded.

Q3. Identify and explain how to gather data on administrative, technical, and physical...

Quantitatively, risk assessments can take the form of numerically determining the likelihood of risks, the financial costs of breaches, and also the costs of protecting vs. repairing such breaches. However, such controls can be difficult to calculate in a truly accurate fashion. Qualitative assessments involve trouble-shooting and observations and future mapping of likely problem areas using analytical techniques. Ideally, a combination of the two is required. Interviewing personnel to determine administrative risks, engaging in simulated attacks to determine technical risks, and surveying the site to assess physical risks are all examines of how a review can be conducted using a variety of elements. Assessing quantitatively the costs of past risks and measuring the likelihood of reoccurrence provides information when constructing effective qualitative trials such a simulation of a technical or physical attack upon the…