Which type of control is considered proactive in nature?

The correct choice identifies technical risk controls as proactive measures. Proactive controls are designed to prevent security incidents before they occur by implementing security measures in advance. Technical risk controls include tools and systems like firewalls, intrusion detection systems, encryption, and other technologies that actively work to mitigate risks by monitoring, detecting, and preventing unauthorized access or vulnerabilities within a system.

These controls operate in anticipation of security breaches, allowing organizations to establish defenses against potential threats rather than simply responding to incidents after they happen. In this sense, they embody a proactive approach to managing security, focusing on prevention and readiness rather than reaction.

The other types of controls, such as management or reactive controls, typically focus on responding to incidents or managing processes after a breach or security issue has been identified, thus lacking the forward-looking aspect that characterizes proactive controls.