Which control is used to discourage violations of security policies?

• A. Preventive Control
• B. Deterrent Control
• C. Detective Control
• D. Compensating Control

Answer: (B)

Deterrent controls are designed to discourage policy violations by signaling consequences and increasing the perceived risk or cost of breaking the rules. They influence behavior rather than physically preventing the action or detecting it after it happens. For example, clear security policies, warnings, and penalties communicate that violations will be met with consequences, causing people to think twice before acting. Preventive controls block or reduce the likelihood of an incident, detective controls identify when something has occurred, and compensating controls provide alternative safeguards when needed; none of these directly focus on discouraging the violation itself as effectively as deterrents.