Directive controls are the correct answer because they are intended to direct the actions of individuals or systems. Examples of directive controls include security policies and guidelines that provide instructions on how to maintain security. Preventive controls, such as firewalls and access controls, are designed to stop incidents from occurring. Detective controls, like intrusion detection systems, identify and respond to incidents. Corrective controls, such as backup systems, limit damage after an incident occurs.