Control
Means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be administrative, technical, management, or legal in nature.
Source:
[ISO/IEC 27000:2009(E)] ISO/IEC 27000:2009(E) Information Technology - Security techniques - Information security management systems - Overview and vocabulary.