What is an example of an administrative risk?

In the context of risk assessment, administrative risks are associated with policies, practices, and procedures within an organization that can lead to vulnerabilities or security breaches. One prominent example of an administrative risk is inadequate training of staff.

When staff members are not properly trained, they may lack the knowledge or skills necessary to recognize and respond to security threats, follow established procedures, or operate equipment safely and effectively. This lack of training can lead to improper handling of sensitive information, negligent behavior, or failure to comply with security protocols, which increases the organization's exposure to various risks, including data breaches, operational inefficiencies, or physical security incidents.

Other options provided relate more to technical or physical risks. System vulnerabilities in IT infrastructure focus on technical flaws in software or hardware. Thieves breaking into a facility pertains to physical security risks, while hardware failure during operations involves risks related to equipment reliability. In contrast, the emphasis on inadequate staff training exemplifies how human factors and administrative shortcomings can directly impact an organization's security posture. This highlights the importance of comprehensive training programs and ongoing staff development in mitigating administrative risks.