Corrective controls are implemented to minimize the extent of damage caused by a security incident after it has taken place. These controls focus on containing the incident, recovering from it, and preventing similar incidents from occurring in the future. Examples of corrective controls include incident response plans, backup systems, and disaster recovery procedures. Preventive controls aim to prevent incidents from happening in the first place, while detective controls identify and respond to ongoing incidents. Compensating controls serve as a substitute for primary controls when they are not feasible or practical to implement.