Types of preventive controls
Typically, there are three types of controls that a blue team could consider. Each type of control should be evaluated by the blue team, and assessed per its risk ratings, to select the appropriate level of control. It is also important to note that in real life, one control may span across multiple or even all of these three categories. Hence, blue teams should invest their time in selecting what is the best fit for their setup.
Administrative
Administrative controls are also referred to as soft controls. Their focus tends to be from a process or an administration perspective, hence they tend to be harder to enforce. The following are some examples of preventative administrative controls: