The purpose of a prevention security control is to avert a security threat before it occurs. Preventing a security threat requires analysis and planning. Some physical, administrative, and technical security controls are used for prevention.

For example, locks and key cards are physical control measures intended to prevent a security attack. Security awareness training and company password policies are administrative examples of preventive controls. Technical controls that are preventive include encryption, hashing, authentication, authorization, installing operating system security patches, using anti-virus and malware detection software, and the use of firewalls.