What do administrative (directive) controls encompass?

Administrative controls, often referred to as directive controls, encompass organizational policies and procedures that govern the behavior of individuals and the operations within an organization. These controls are fundamental in establishing a security framework, as they provide direction and guidelines for personnel, dictate how security measures should be implemented, and outline the responsibilities of various roles within the organization.

By focusing on organizational policies, these administrative controls include everything from acceptable use policies, security training, and incident response procedures to compliance protocols and governance structures. They serve to guide employees in making informed decisions regarding security practices, ensuring that everyone understands the protocols necessary to protect organizational assets.

The options related to physical security measures, technology-specific guidelines, and employee salary structures do not fall under the umbrella of administrative controls. Instead, physical measures are typically classified as physical security controls, technology-related guidelines would align more with technical controls, and salary structures are more related to human resources management rather than directly influencing security protocols. Thus, the choice highlighting organizational policies and procedures accurately represents the scope of administrative controls within the context of security and risk management.