What is the primary goal of preventive control in information security?

The primary goal of preventive control in information security is to stop an attack from occurring. Preventive controls are measures put in place to avoid the occurrence of security breaches by mitigating risks before they can lead to actual incidents. These can include strategies such as implementing firewalls, using antivirus software, conducting regular and thorough security training for employees, and establishing strong access control measures. By focusing on prevention, organizations aim to reduce the likelihood of threats and strengthen their overall security posture, thereby protecting sensitive data and maintaining the integrity of their systems.

The other options highlight important aspects of security but don't align with the specific function of preventive controls. Recovery from an attack pertains to corrective controls, which focus on restoring systems after an incident. Enhancing security policies is a broader aim that can involve various controls, not limited to prevention. Analyzing past incidents relates to detective and corrective controls that help organizations learn from past breaches to improve future responses and strategies.