There are various different pieces that must be taken into consideration and cooperate to build an efficient information security foundation for an organization. These pieces are known as security controls, and there are multiple different categories of these controls. Technical security controls are advancing in sophistication at an exponential rate, at a much faster pace than controls defined within the other categories. Administrative controls encompass policies, procedures, guidelines and documentation of this nature. While often overlooked, the administrative side of the fence severely impacts the state of an organization. The foundationthe frameworkof every organization must be the development of policies.”]
Source: https://securityaffairs.co/wordpress/35833/security/cyber-security-threat-prevention.html