Administrative Policy Controls for Good Business Practices in CAP Certification

Question

Which of the following administrative policy controls requires individuals or organizations to be engaged in good business practices relative to the organization's industry?

Answers

Explanations

A. B. C. D.

D.

The administrative policy control that requires individuals or organizations to be engaged in good business practices relative to the organization's industry is "Due care."

Due care is a policy control that obliges organizations and individuals to act prudently and reasonably when dealing with sensitive information and assets. The goal is to minimize risk and prevent harm to the organization and its assets. A due care policy includes implementing reasonable safeguards and following industry standards and best practices for protecting the organization's information and assets.

Due care policies ensure that organizations engage in good business practices that are relevant to their industry. For example, healthcare organizations are expected to comply with the Health Insurance Portability and Accountability Act (HIPAA) regulations. Financial institutions are expected to comply with regulations such as the Gramm-Leach-Bliley Act (GLBA) and the Payment Card Industry Data Security Standard (PCI DSS). Failure to comply with these regulations can result in hefty fines, legal action, and reputational damage.

Segregation of duties and separation of duties are both policies that help prevent fraud, errors, and malicious actions by dividing roles and responsibilities among different individuals. Segregation of duties ensures that no single individual has complete control over an organization's assets, while separation of duties ensures that critical tasks require the involvement of multiple individuals.

The Need to Know policy limits access to sensitive information and ensures that only authorized individuals have access to it. This policy helps prevent unauthorized access to sensitive information.

In summary, while all the policy controls listed above play a crucial role in protecting an organization's assets, the policy control that requires individuals or organizations to be engaged in good business practices relative to the organization's industry is Due care.