Security policies are not a part of technical controls but are a part of managerial controls. Managerial controls involve establishing security policies, procedures, and guidelines which are aimed at managing the organization's risk and ensuring that the security strategy is aligned with business objectives and regulatory requirements. Technical controls, on the other hand, are more focused on the use of technology to enforce security measures, such as firewalls, encryption, and intrusion detection systems.