To prevent unauthorized system changes in the future, what type of control should a security team recommend?

Preventive controls are designed to stop unauthorized actions before they occur, making them the most suitable type of control in this scenario. By implementing preventive controls, such as access controls, authentication mechanisms, and configuration management processes, the security team can effectively mitigate the risk of unauthorized system changes in the future.

These controls not only help in enforcing security policies but also establish barriers against potential threats, ensuring systems are protected before an incident happens. This proactive approach is essential for maintaining a secure environment and supporting organizational security objectives.

Other types of controls serve different purposes. Corrective controls are intended to restore systems after a security incident has occurred, detective controls focus on identifying unauthorized changes once they have happened, and compensating controls provide an alternative measure when primary controls cannot be implemented. While all types of controls have their place in a comprehensive security strategy, preventive controls are specifically aimed at reducing the likelihood of unauthorized changes from happening in the first place.