What is an example of a Corrective Control?

A corrective control is a mechanism designed to respond to and mitigate the impact of security incidents after they occur, allowing organizations to recover from damage and restore systems to their normal operation. Data backups exemplify this concept because they are used to restore lost or compromised data following an incident such as data corruption, accidental deletion, or a cyber attack. By having a backup in place, organizations can recover their systems to a state prior to the incident, effectively correcting the consequences of the disruption.

In contrast, anti-malware software primarily functions as a preventative measure, aiming to detect and block malicious software before it can cause harm. Security policies establish guidelines and protocols aimed at preventing incidents from occurring in the first place, while encryption protects data by converting it into a secured format, preventing unauthorized access. Therefore, while all the options perform valuable security functions, data backups specifically act as a remedial step in correcting issues after they arise.