Which type of security control is designed to discourage individuals from causing a security incident?

The type of security control that is designed to discourage individuals from causing a security incident is known as deterrent controls. These controls aim to instill a sense of risk or consequence associated with malicious actions, thereby discouraging individuals from engaging in behavior that could lead to a security breach.

For example, visible security cameras or warning signs about the existence of security systems are classic deterrent measures, as they remind potential wrongdoing individuals that their actions are being monitored and can lead to repercussions. By creating an environment where risks or consequences are clear, these controls help to prevent incidents from occurring in the first place.

In contrast, compensating controls are alternative measures put in place to mitigate risk when primary controls are not feasible. Directive controls are meant to provide guidelines or instructions and often focus on establishing an organization’s security policies. Preventative controls are designed to stop security incidents before they occur, but they do not specifically target discouragement; rather, they focus on preventing the incidents through various means, such as technical safeguards or employee training. Therefore, while related to overall security, these other control types do not specifically emphasize discouragement in the same way that deterrent controls do.