Which of the following represents a proactive control measure?

Regular security training for employees is a proactive control measure because it aims to equip staff with the knowledge and skills necessary to prevent security incidents before they occur. By educating employees about security policies, best practices, and their role in maintaining security, organizations can reduce the likelihood of human error, which is often a significant factor in security breaches. This measure fosters a security-aware culture within the organization, enabling employees to recognize and respond appropriately to potential threats, thereby contributing to the overall security posture.

In contrast, monitoring security events and addressing incidents as they occur are reactive measures. They involve responding to situations after they have already happened, rather than taking steps to prevent them. Incident response planning, while critical for effective responses to security incidents, is also oriented toward managing incidents after they are detected. Thus, regular training stands out as a proactive approach focused on prevention rather than response.