Which of the following is an example of a deterrent control?

A deterrent control is designed to discourage individuals from attempting to perform unauthorized actions or to deter potential threats before they happen. Implementing security awareness training fits this definition well because it educates employees about security policies, potential threats, and the consequences of security breaches. By increasing awareness and understanding of these issues, employees are less likely to engage in risky behavior that could lead to security incidents.

While strong encryption, antivirus software, and incident response plans are all essential security measures, they serve different purposes. Strong encryption acts as a preventive control by protecting data confidentiality, antivirus software actively detects and mitigates malware threats, and incident response plans are reactive controls that come into play after a security event has occurred. Therefore, the selection of security awareness training as a deterrent control correctly identifies a proactive approach toward influencing behavior and reducing the likelihood of security incidents.