During an incident response, what type of control should be implemented if the primary security control is not feasible due to technical or business constraints?
Compensating controls are security measures that are taken to satisfy the requirement for a security control that is deemed too difficult or impractical to implement at the time. They provide an alternative measure to mitigate risk to an acceptable level.