Which strategy focuses on preventing attacks before they happen?

The strategy that focuses on preventing attacks before they happen is prevention. This approach involves implementing measures and processes designed to thwart potential threats and vulnerabilities before they can cause harm or compromise systems. Prevention encompasses various techniques such as implementing firewalls, antivirus software, security policies, and employee training to create a robust defense against potential attacks.

By prioritizing prevention, organizations aim to reduce the likelihood of successful attacks, thereby protecting sensitive data and maintaining operational integrity. This proactive stance helps organizations not just mitigate risk but also maintain trust with stakeholders by demonstrating a commitment to security.

In contrast, the other strategies do not emphasize proactive measures to halt attacks before they occur. Detection is focused on identifying security incidents after they've already started, while response deals with the actions taken during or after a security event has been detected. Assessment involves evaluating existing security measures and identifying weaknesses, which is more about understanding risks rather than actively preventing them.