Which of the following is not a technical control used to address a vulnerability?

Unlike the other controls listed, insurance simply transfers the risk to another organization at a cost. It does not take any action to prevent the risk from occurring. Patching, segmentation, and firewalling are all technical controls.