Policies and procedures implemented by an organization to manage and regulate user behavior and system operation. These include security policies, operating procedures, rules of behavior, and personnel controls, among others. Administrative controls are a vital part of an organization’s overall security strategy, serving to guide the appropriate use and handling of resources, define roles and responsibilities, and establish processes for monitoring, incident response, and recovery. They complement technical and physical controls to create a multi-layered defense against security threats.