Which control type includes the implementation of policies to enhance security awareness among employees?

The correct answer highlights the role of administrative controls, which are essential for establishing governance within an organization. Administrative controls encompass the creation and enforcement of policies and procedures aimed at guiding employee behavior to improve security awareness.

By implementing training programs, awareness campaigns, and formal security policies, organizations can foster a culture of security that encourages employees to recognize and respond to potential threats effectively. These policies may cover aspects such as acceptable use of resources, incident reporting procedures, data protection practices, and overall security responsibilities.

In contrast, technical controls are more focused on the tools and systems used to protect information, such as firewalls and encryption technologies. Physical controls relate to tangible security measures that protect facilities and infrastructure, such as locks, security guards, and surveillance cameras. Deterrent controls aim to discourage potential breaches through methods such as warnings and visible security mechanisms but do not necessarily involve policy implementation or employee training directly.

Thus, administrative controls serve as the foundation for instilling security awareness among employees, making it the correct answer to the question.