Which type of risk control would involve using specific hardware or software such as firewalls and IDSs?

Technical risk controls encompass the use of hardware and software solutions designed to protect information systems and data from unauthorized access, breaches, and other threats. Firewalls and Intrusion Detection Systems (IDSs) are prime examples of such technical controls.

Firewalls act as a barrier between a trusted internal network and untrusted external networks, filtering incoming and outgoing traffic based on predetermined security rules. IDSs monitor network traffic for suspicious activity and can alert administrators to potential threats. By implementing these tools, organizations can effectively mitigate risks associated with malicious attacks, unauthorized access, and other vulnerabilities.

In contrast, management controls focus on the policies and procedures governing the security of information systems, while operational controls involve the day-to-day processes and practices that help maintain security. Physical security controls pertain to the protection of physical assets and facilities. Thus, the use of firewalls and IDSs clearly aligns with the definition of technical risk controls, making it the correct choice in this context.