What is the primary purpose of Deterrent controls?

Deterrent controls are primarily designed to lower the threat actor's motivation to attack by creating an environment that discourages potential threats. These types of controls serve as a psychological barrier, making it clear that there are consequences for attempting unauthorized access or malicious activities. By indicating that robust security measures are in place, deterrent controls can lead to a reduced likelihood of attacks, as potential attackers may seek easier targets with lower risks.

While enhancing physical security measures and preventing all physical access to assets is important, those are functions of other types of security controls, such as preventive controls. In distinction, deterrent controls focus more on influencing the behavior and intentions of individuals who may consider performing an attack, rather than just fortifying the asset itself. Thus, the emphasis is on motivation and the likelihood of an attack occurring, making the correct choice a clear reflection of the fundamental purpose of deterrent controls.