Comprehensive and Detailed Explanation (250–350 words)

===========

The EC-Council CCISO program defines a security control objective as a statement that describes the intended outcome or purpose of implementing a specific security control. For auditors, control objectives provide a benchmark against which effectiveness can be evaluated.

CCISO documentation explains that auditors are not primarily concerned with how controls are implemented, but whether controls achieve their intended results. Control objectives answer the question: What risk is this control intended to mitigate?

Policy guidance (Option A) provides direction, not measurable outcomes. Techniques used to secure information (Option C) describe implementation details, not objectives. Audit frameworks (Option D) organize audits but do not define the purpose of individual controls.

By clearly defining expected outcomes, control objectives allow auditors to assess alignment between risk, control design, and control performance, which is a key CCISO governance principle.

Thus, the correct answer is Option B.