What type of control is intended to discourage violations of security policies?

A deterrent control is designed to discourage individuals from violating security policies by creating the perception of consequences or by making the likelihood of detection higher. These controls serve as a psychological barrier, aiming to dissuade potential violators from attempting to exploit weaknesses in security measures. Examples of deterrent controls include warning signs, security awareness training, and surveillance cameras.

The focus of deterrent controls is primarily on prevention rather than direct intervention. By making policies clear and signaling that violations will be noticed and may lead to repercussions, organizations can effectively reduce the number of security incidents.

Other types of controls serve different purposes: directive controls are intended to provide guidance and outline acceptable behaviors, preventive controls aim to block potential security incidents before they happen, and detective controls are meant to identify and respond to security incidents after they occur. Each type has its place in a comprehensive security strategy, but deterrent controls specifically target the motivation behind policy violations.