CyberGlossary

Defense & Operations

Corrective Controls

Also known as: Remediation controls, Reactive controls

Definition

Security measures that act after an incident to limit damage, eradicate threats, and restore systems to a known-good state.

Corrective controls are remediation activities and technologies invoked once a security event has been detected. Typical examples include isolating an infected endpoint, killing malicious processes, restoring data from backups, patching the exploited vulnerability, rotating compromised credentials, and rebuilding systems from golden images. They are tightly coupled with the incident-response lifecycle and depend on accurate detection plus tested recovery procedures. Their effectiveness is measured by mean time to contain (MTTC), mean time to recover (MTTR), and the ability to meet recovery time objective (RTO) and recovery point objective (RPO) targets.

Examples

  • Automatically quarantining a host where ransomware behaviour is detected by EDR.
  • Restoring a database from the last clean snapshot after a wiper incident.