Corrective Controls
What are Corrective Controls?
Corrective Controls: Security measures that act after an incident to limit damage, eradicate threats, and restore systems to a known-good state.
Corrective controls are the remediation activities and technologies invoked once a security event has been detected. Typical examples include isolating an infected endpoint, killing malicious processes, restoring data from backups, patching the exploited vulnerability, rotating compromised credentials, and rebuilding systems from golden images. They are tightly coupled with the incident-response lifecycle and depend on accurate detection plus tested recovery procedures. Their effectiveness is measured by MTTC (mean time to contain), MTTR (mean time to recover) and the ability to meet RTO (recovery time objective) and RPO (recovery point objective) targets.
● Examples
1. Automatically quarantining a host where ransomware behaviour is detected by EDR.
2. Restoring a database from the last clean snapshot after a wiper incident.
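The effectiveness metrics named in the definition can be computed directly from an incident timeline. The following Python is an added example, not part of the original page; the incident records, the RTO/RPO targets and the choice to measure MTTC and MTTR from the moment of detection are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean


@dataclass
class Incident:
    """Timeline of one incident (constructed sample data, not real events)."""
    name: str
    detected_at: datetime    # detection control fires
    contained_at: datetime   # corrective action isolates the host / kills the threat
    recovered_at: datetime   # service restored to a known-good state
    restore_point: datetime  # timestamp of the backup or snapshot used for recovery


def time_to_contain(i: Incident) -> timedelta:
    # Assumption: the clock starts at detection, not at initial compromise
    return i.contained_at - i.detected_at


def time_to_recover(i: Incident) -> timedelta:
    return i.recovered_at - i.detected_at


def data_loss(i: Incident) -> timedelta:
    """Data written after the restore point is lost; this is what RPO bounds."""
    return i.detected_at - i.restore_point


def mean_minutes(deltas) -> float:
    return mean([d.total_seconds() / 60 for d in deltas])


def assess(incidents, rto: timedelta, rpo: timedelta) -> dict:
    """MTTC/MTTR in minutes plus the incidents that missed the RTO or RPO target."""
    return {
        "mttc_min": mean_minutes(time_to_contain(i) for i in incidents),
        "mttr_min": mean_minutes(time_to_recover(i) for i in incidents),
        "rto_missed": [i.name for i in incidents if time_to_recover(i) > rto],
        "rpo_missed": [i.name for i in incidents if data_loss(i) > rpo],
    }


# Constructed sample incidents mirroring the two examples above
T = datetime(2024, 1, 10, 9, 0)
INCIDENTS = [
    Incident("ransomware-host-quarantine", T, T + timedelta(minutes=5),
             T + timedelta(minutes=90), T - timedelta(hours=1)),
    Incident("wiper-db-restore", T, T + timedelta(minutes=30),
             T + timedelta(hours=6), T - timedelta(hours=20)),
]

if __name__ == "__main__":
    print(assess(INCIDENTS, rto=timedelta(hours=4), rpo=timedelta(hours=12)))
```

With the sample data the quarantine case meets both targets, while the wiper restore misses the 4-hour RTO and, because the last clean snapshot was 20 hours old, the 12-hour RPO.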
● Frequently asked questions
What are Corrective Controls?
Security measures that act after an incident to limit damage, eradicate threats, and restore systems to a known-good state. They belong to the Defense & Operations category of cybersecurity.
What does Corrective Controls mean?
Security measures that act after an incident to limit damage, eradicate threats, and restore systems to a known-good state.
What are other names for Corrective Controls?
Common alternative names include: Remediation controls, Reactive controls.