Your company's security policy comprises guidelines for system testing and security awareness training. Which category of security controls does this fall under?

Testing and training are examples of preventive administrative controls, which specify how security policies should be implemented to achieve the company's security objectives. A detective technical control employs technology to reveal a violation, while preventive technical control attempts to prevent a violation via technology. Detective administrative controls employ policies, procedures, and guidelines to uncover a violation.