Administrative, or management, controls are implemented to administer the organization's assets and personnel and include security policies, procedures, standards, baselines, and guidelines that are established by management.
These controls are commonly referred to as soft controls.
Specific examples are personnel controls, data classification, data labeling, security awareness training, and supervision
Logical, or technical, controls are software or hardware components used to restrict access. Specific examples of logical controls include firewalls, IDSs, IPSs, encryption, authentication systems, protocols, auditing and monitoring tools, biometrics, smart cards, and passwords.