Restoring Controls

B.

Corrective controls are concerned with remedying circumstances and restoring controls.

Detective controls are concerned with investigating what happen after the fact such as logs and video surveillance tapes for example.

Compensating controls are alternative controls, used to compensate weaknesses in other controls.

Preventive controls are concerned with avoiding occurrences of risks.

Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

The type of control concerned with restoring controls is Corrective controls. Corrective controls are designed to identify and correct deviations from established security policies, procedures, or standards. These controls are put in place to ensure that any security breaches or incidents are quickly identified and that steps are taken to mitigate their impact.

Corrective controls are often implemented after an incident has occurred. They may include actions such as investigating the cause of the incident, restoring systems to their previous state, implementing additional security measures to prevent similar incidents in the future, and reviewing and updating security policies and procedures.

Compensating controls are a type of control that is put in place to provide an alternative method of achieving the same security goal as another control that is not feasible or cost-effective. Detective controls are designed to identify and report on security events or incidents. Preventive controls are designed to prevent security breaches from occurring in the first place.

In summary, Corrective controls are designed to restore controls after an incident has occurred, while Compensating controls provide an alternative method of achieving the same security goal, Detective controls are designed to identify and report on security events or incidents, and Preventive controls are designed to prevent security breaches from occurring in the first place.