During an incident review, a security analyst finds that attackers exploited an unpatched content-management plug-in on a public web server. After eradicating the malware, the analyst rebuilds the server from a known-good image and applies vendor patches to return the service to a secure operating state. Which type of control is the analyst implementing to address the incident's impact?
The analyst is taking steps to restore the affected system to a normal, secure state after the compromise. Such measures (re-imaging, patching, and other post-incident remediation) are corrective controls because they reduce or eliminate the impact of a vulnerability once it has been exploited. Preventative controls are deployed before an attack to block it, detective controls identify events after or while they occur without necessarily fixing them, and compensating controls provide an alternative safeguard when a primary control is infeasible.