What type of controls are implemented to fortify systems before a security incident occurs?

Preventative controls are designed to stop security incidents before they happen. These controls focus on reducing vulnerabilities and mitigating risks to protect systems and data from potential threats. Examples of preventative controls include firewalls, antivirus software, access controls, and encryption. By implementing these measures, organizations aim to create a stronger security posture, thereby minimizing the likelihood of breaches or attacks.

Detective controls, while essential for identifying incidents once they occur, do not prevent them. Corrective controls respond to incidents to restore systems and minimize damage after a breach. Deterrent controls serve to discourage attacks or unauthorized behavior but do not actively prevent their occurrence. Thus, the emphasis with preventative controls lies in proactive measures that can thwart security threats before they impact the organization.