Which type of control focuses on managing security through policies and procedures?

The correct choice emphasizes the role of policies and procedures in security management, distinguishing it as administrative control. Administrative controls are essential for establishing the framework and guidelines that govern how an organization manages its security measures. They include strategies, rules, and practices that help to reduce risks and ensure compliance with various regulations and standards.

These controls encompass the creation and enforcement of security policies, employee training programs, incident response plans, and access control procedures. By systematically addressing security through administrative controls, organizations can foster a culture of security awareness and accountability, guiding employees toward expected behaviors and actions.

In contrast, the other types of controls serve different functions: technical controls involve technology solutions like firewalls and encryption to protect information, physical controls involve measures to secure physical assets such as locks and surveillance systems, and operational controls focus on the day-to-day activities that support security efforts. While each type of control is important, administrative controls specifically focus on the governance and procedural aspects of security management.