Corrective controls are implemented to minimize the extent of damage caused by a security incident after it has taken place. These controls focus on containing the incident, recovering from it, and preventing similar incidents from occurring in the future. Examples of corrective controls include incident response plans, backup systems, and disaster recovery procedures. Preventive controls aim to prevent incidents from happening in the first place, while detective controls identify and respond to ongoing incidents. Compensating controls serve as a substitute for primary controls when they are not feasible or practical to implement.
Learn More
AI Generated Content may display inaccurate information, always double-check anything important.
What are some examples of corrective controls?
How do corrective controls differ from preventive controls?
What is an incident response plan and why is it considered a corrective control?