What is classified as a corrective control?

Corrective controls are designed to address incidents that have already occurred, focusing on restoring systems to their normal operation and minimizing further damage. This type of control comes into play after a security breach or incident has taken place, with the aim of recovering lost data, repairing affected systems, or mitigating the impact of the incident.

For instance, if a system is compromised, implementing corrective measures might involve restoring data from backups, applying patches, and reconfiguring security settings to protect against future breaches. This distinguishes corrective controls from preventive measures, which are implemented to avoid incidents from happening in the first place, or from controls that are designed to train employees on security practices but do not directly address incidents.