What do Avoidance Controls achieve?

Avoidance controls are designed to reduce the frequency and probability that threat agents will have the opportunity to interact with valued assets. This proactive measure is aimed at preventing potential threats from materializing in the first place. By implementing avoidance controls, organizations can effectively lessen their exposure to various risks by eliminating or mitigating the circumstances that allow such risks to occur.

For example, avoidance controls could include measures such as creating policies that restrict access to sensitive data or systems, thereby minimizing the chances of unauthorized access or breaches. These actions ensure that potential threats are deterred from even attempting to access the organization's valuable assets.

The other options, while related to risk management and security, do not accurately describe the primary function of avoidance controls. Enhancing the overall security posture involves a holistic approach to security that encompasses more than just avoidance. Broader access to sensitive assets runs counter to the objective of avoidance controls, which is to limit access to mitigate risk. Lastly, mitigating risks after they occur relates to response and recovery strategies, which do not align with the core purpose of avoidance controls that focus on prevention.