2 votes
Which of the following preventive controls are necessary to provide adequate security for social engineering threats?

a. Controlling physical access.
b. Encryption.
c. Profiling.
d. Awareness training.

1 Answer

2 votes

Final answer:

Awareness training is the most direct preventive control against social engineering threats because it educates users on how to recognize and respond to such attacks. Other methods like controlling physical access and encryption are important but don't address the human element that social engineering exploits. The correct option is d. Awareness training.

Step-by-step explanation:

To provide adequate security against social engineering threats, several preventive controls are necessary. The options presented offer different methods to secure information and individuals from these kinds of attacks. However, when looking at the options, the one that directly addresses the human element of social engineering threats is:

Awareness training: This is a crucial control mechanism because social engineering exploits human psychology rather than technological vulnerabilities. Training can inform and educate users on how to recognize social engineering attempts, the importance of protecting sensitive information, and what to do if they suspect they are being targeted.

Other options, such as:

Controlling physical access, which pertains to preventing unauthorized individuals from gaining access to facilities where they can attempt social engineering in person.

Encryption, which is important in protecting data but may not address social engineering directly.

Profiling, which involves monitoring and analyzing behaviors to detect potential threats, might be useful but can also raise privacy concerns.

In practice, a comprehensive security strategy should include a mix of these controls, but awareness training is the key preventive control against social engineering.

The correct option is d. Awareness training.

by User AdrieanKhisbe (7.6k points)