Cisco Cyber Security Practice Exam 2025 - Free Cyber Security Practice Questions and Study Guide

The implementation of policies on handling sensitive information falls under administrative controls. Administrative controls include the guidelines, rules, and procedures established by an organization to manage the behavior of personnel and ensure compliance with security practices. By setting these policies, the organization instills a framework that governs how employees must act regarding the protection and management of sensitive information.

These controls are vital because they help mitigate risks associated with human error, negligence, or malicious actions. They provide clear expectations regarding responsibilities related to data protection, access restrictions, and incident response, ensuring that all personnel understand their roles in safeguarding sensitive information.

Technical controls involve the use of technology to enforce security measures, such as firewalls or encryption. Physical controls relate to the physical security of facilities and assets, such as locks or surveillance cameras. Deterrent controls are designed to discourage unwanted actions but do not directly involve policy enforcement. Each of these control types serves distinct purposes; however, establishing policies is specifically an administrative function, focusing on human and organizational behavior rather than technology or physical measures.