Vol. 1 · Ed. 2026
CyberGlossary
Entry № 958

Preventive Controls

Reviewed by Cybersecurity entrepreneur & security researcher

What are Preventive Controls?

Preventive Controls: Controls designed to stop a security event from occurring in the first place by removing the opportunity or capability to act.


Preventive controls block, deter, or restrict actions before damage occurs. Examples include MFA, encryption, firewalls, network segmentation, principle of least privilege, secure coding, application allowlisting, endpoint hardening, and security awareness training. They are typically the most cost-effective layer because they avoid incidents rather than respond to them, but they cannot be perfect. A defense-in-depth strategy pairs preventive controls with detective and corrective controls so that anything that bypasses prevention is still seen and contained.

Examples

  1. Enforcing FIDO2 phishing-resistant MFA on all administrative accounts.

  2. Network segmentation that prevents a compromised marketing laptop from reaching the payments environment.

Frequently asked questions

What are Preventive Controls?

Controls designed to stop a security event from occurring in the first place by removing the opportunity or capability to act. It belongs to the Defense & Operations category of cybersecurity.

How do you defend against Preventive Controls?

Defences for Preventive Controls typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for Preventive Controls?

Common alternative names include: Preventative controls.
