What type of control seeks to avoid a potential risk before it occurs?

The choice of preventive control is correct because this type of control is expressly designed to avert potential risks before they manifest. Preventive controls are proactive measures that organizations implement to minimize the likelihood of undesirable events or security breaches occurring.

For instance, installing security software, regular employee training on security awareness, and implementing access controls are all examples of preventive actions aimed at deterring risks related to data breaches or fraud. The key characteristic of preventive controls is their focus on risk avoidance rather than responding to incidents or issues after they have occurred.

Detective controls, on the other hand, are focused on identifying and detecting risks or incidents after they have taken place, but they do not prevent these events from happening in the first instance. Corrective controls are implemented after a risk has occurred to rectify issues and restore systems or processes to their desired state. Responsive controls entail measures taken in reaction to specific incidents or threats, rather than aiming to preemptively stop them. Understanding these distinctions reinforces the importance of preventive measures in an organization's overall risk management strategy.