Which of the following is an example of a deterrent control in an information-security context?

In an information-security context, deterrent controls are designed to discourage potential threats by making it clear that there will be consequences for malicious actions. Logging and monitoring serve as a prime example of a deterrent control because they create a visible record of user activities and system events. This visibility can deter individuals from attempting unauthorized actions since they know their behavior is being tracked and may be subject to review.

When individuals perceive that their actions are being monitored, they are less likely to engage in risky or malicious behavior, effectively acting as a preventive measure against potential threats. The knowledge that there is a system in place to capture and analyze activities can instill fear of detection and consequences, which is a core principle of deterrent controls.

In contrast, while firewall filters enhance security by blocking unauthorized access and authentication verifies users' identities, these measures do not inherently serve to deter malicious actors from attacking in the same way that monitoring does. Similarly, reducing the number of personnel with access rights increases security but does not directly deter potential threats; it merely limits exposure.