Security Controls - Preventive

Preventive

What you are trying to do is prevent some form of security breach/incident.

Change management: Making sure that there or no outages that were not planned. Being as I work as an IT administrator, it's easy to want to make changes on the fly. The first step in this process is to submit the change plan and get approval. These changes can be network configuration changes or changing to a more current operating system. We need to plan, test, and practice before attempting the changes to reduce the chances of downtime on a production network.

Security awareness and training: Make users aware of social engineering attacks, email, and social network best practices. Once the users are aware of the tactics a social engineer might use, the less chance of them being fooled into revealing the passwords. For example, Microsoft is not going to call you and ask for your password, which is a threat actor attempting to social engineer you.

Disabling Accounts: Having an account disablement policy when an employee leaves the organization can help prevent the former employee from access their old account and possibly causing a security breach. 

In 2008 a contractor working for Fannie Mae was told during the day that he was being fired for a scripting error he made earlier in the month. He was allowed to work through the end of the day. He then loaded a logic bomb set to launch a few months later. Luckily for the company, the logic bomb was discovered, otherwise, it would have crashed 4000 servers crippling Fannie Mae.

Disabling his account as soon as he was notified would have prevented the contractor from installing the logic bomb.

Hardening systems: This best practice includes systems, applications, and operating systems. Disabling unnecessary services, and protocols. Applying security patches and updating firmware. Changing default usernames and passwords. Disabling unnecessary accounts. Disabling unused ports on switches.