Certified Information Security Manager (CISM) Practice Exam 2025 - Free CISM Practice Questions and Study Guide

Question: 1 / 400

What type of control is designed to mitigate potential threats before they occur?

Preventative control

Preventative controls are designed specifically to reduce the likelihood of a security incident happening in the first place. By implementing these controls, organizations can proactively address potential vulnerabilities. For instance, measures such as firewalls, access controls, and employee training are all examples of preventative controls that aim to stop threats before they manifest. Their primary focus is on avoiding incidents rather than responding to them or dealing with consequences after they occur.

Detective controls identify and alert organizations to security events that have already taken place, while corrective controls address issues after they have occurred, focusing on recovery and repair. Deterrent controls aim to dissuade individuals from committing security breaches, but they do not directly prevent incidents from occurring. In contrast, the main objective of preventative controls is to create a secure environment that minimizes the chance of threats materializing.


Detective control

Corrective control

Deterrent control
