Which type of controls encompasses procedures and measures for data protection governed by human actions?

Operational controls encompass procedures and measures for data protection that rely heavily on human actions. These controls involve the day-to-day operational procedures that employees execute to ensure the security and integrity of data. This can include policies for handling data, training requirements for staff, incident response procedures, and other activities that depend on human involvement to function effectively.

Operational controls are vital because they define how systems should be managed and governed during regular operations. They are designed to address the practical aspects of maintaining security in an organization's work environment. For instance, if employees are trained on recognizing phishing attempts or are required to follow strict protocols when accessing sensitive information, these are examples of operational controls in action.

Technical controls, on the other hand, involve the hardware or software solutions that enforce security. Managerial controls focus on the policies and governance aspect to manage risk, while physical controls relate to the physical security measures protecting the organization's facilities. Each plays a unique role in an overall security framework, but operational controls are specifically tailored to the actions that individuals must take to protect data.