Which of the following best describes the primary purpose of corrective controls in a security context?
To substitute for primary security controls when they are not available
To identify and detect security incidents as they happen
To prevent security incidents from occurring in the first place
To limit the damage and impact after a security incident has occurred