Controls are safeguards or countermeasures that you put in place in order to avoid, detect, counteract, or minimize potential threats against your information, systems, or other assets.
Preventions are controls that may completely prevent a particular attack from being possible. For example, if you identify a threat that your users’ personal information may be identified by certain application logging, and you decide to completely remove that logging, you have prevented that particular threat.
A data flow diagram is a depiction of how information flows through your system. It shows each place that data is input into or output from each process or subsystem. It includes anywhere that data is stored in the system, either temporarily or long-term.