Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved.
The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.
Measure that is modifying risk.
Source: ISO 27000 - Information Security Standards
See also: Control activities; Control deficiency; Control environment; Control framework; Control objective; Internal control maturity level