There are three types of access controls: administrative, technical, and physical. Administrative controls consist of policies, standards, and guidelines which govern user behavior. Although often necessary to supplement the other types, administrative controls rely on human behavior; never rely on them as the only method of preventing access.
Technical access controls consist of user accounts, tokens, access control lists, or other mechanisms used to prevent or allow system, application, or user access to information resources. One or more technical controls should be in place to protect confidential information. However, these controls are not fully effective unless supported by physical controls.
Physical access controls prevent intruders from unauthorized access, as defined by policies, standards, and guidelines, which require actual physical contact with a system, including theft or destruction of one or more components of a system, laptop, PDA, etc.