What are administrative, technical, and physical security controls?

Administrative controls are management-oriented measures including policies, procedures, training, background checks, and risk assessments. Technical controls, also called logical controls, are implemented through technology including firewalls, encryption, access control lists, intrusion detection systems, and antivirus software. Physical controls protect the physical environment including locks, fences, security guards, cameras, mantraps, and environmental controls like fire suppression. A defense-in-depth strategy layers all three types so that if one control fails, others compensate. ---