Which term describes controls that establish or enforce a specific action or behavior?

The term that best describes controls established to enforce a specific action or behavior is directive controls. These controls are designed to influence the way individuals and systems behave by providing specific guidelines, policies, and procedures. By outlining expectations and required actions, directive controls help ensure that all stakeholders understand their roles and responsibilities within an organization's framework.

For example, an organization may implement a security policy that mandates regular password changes and the use of complex passwords. This policy serves as a directive control by clearly instructing users on what is expected of them, thereby guiding their behavior toward security compliance.

Preventive controls, while also important, aim to stop undesirable events from happening in the first place rather than directing how things should be done. Deterrent controls focus on discouraging individuals from engaging in unauthorized actions, but they do not specify or enforce particular behaviors. Administrative controls include a broader category, comprising policies, procedures, and standards, which can include directive controls. However, the term "directive controls" narrows it down to those specifically established to instruct and enforce behavior.