1. ISO/IEC 27001:2022 - Information security, cybersecurity and privacy protection — Information security management systems — Requirements.
Annex A, Clause 8 (Technological controls): This section lists controls implemented via technology. Control A.8.24 Use of cryptography directly corresponds to encryption.
Annex A, Clause 5 (Organizational controls): This section lists administrative controls. Control A.5.1 Policies for information security and A.5.15 Access control correspond to security policies and the definition of user roles, respectively.
Annex A, Clause 7 (Physical controls): This section lists physical controls. Control A.7.10 Storage media addresses the physical protection of media, which is central to the "safe storage of backups."
2. Peltier, T. R. (2013). Information Security Fundamentals (2nd ed.). CRC Press.
Chapter 4, "Security Management Concepts and Principles," pp. 55-57: This university-level textbook clearly distinguishes between three classes of security controls: administrative, technical (logical), and physical. It explicitly categorizes encryption as a technical control and policies/procedures as administrative controls.
3. Stallings, W., & Brown, L. (2018). Computer Security: Principles and Practice (4th ed.). Pearson.
Chapter 1, "Overview," Section 1.4, "Computer Security Challenges": This text, widely used in university computer science curricula, classifies security controls. It places cryptography and the software side of access control mechanisms under technical controls, while policies, procedures, and personnel management are classified as administrative or management controls.