Which type of controls are considered management policies, procedures, and guidelines that impact the entire system?

Management policies, procedures, and guidelines that impact the entire system fall under directive controls. These controls are designed to guide and influence the behavior of individuals and the overall approach to security within an organization.

Directive controls are intended to establish a framework for security practices, detailing what is expected from employees and the organization as a whole in terms of security measures. They facilitate compliance and provide instructions that help employees understand their responsibilities. By setting forth clear expectations and procedures, these controls aim to direct and enforce security policies effectively across the entire system.

In contrast, preventive controls focus on preventing security incidents before they occur, detective controls are geared toward identifying and detecting security breaches or vulnerabilities after they happen, and corrective controls come into play after a security incident has occurred, aiming to rectify any damage or vulnerabilities. While all of these controls are important for a comprehensive security strategy, it is the directive controls that specifically encompass the overarching policies, procedures, and guidelines that shape the organizational approach to security.