After a security breach, what type of control is removing malicious software from a server classified as?

Removing malicious software from a server is classified as a corrective control. Corrective controls are designed to rectify issues that have already occurred, such as addressing the consequences of a security breach. In this context, the act of eliminating malware helps to restore the system to a secure state, preventing further damage or exploitation that may arise from the existing malware.

Preventive controls aim to thwart security incidents before they happen, such as firewalls or encryption techniques that deter unauthorized access. Detective controls, on the other hand, are meant to identify and alert on incidents once they occur, such as intrusion detection systems. Compensating controls are alternative measures put in place to satisfy a security requirement when the primary control is not feasible. Thus, the removal of malicious software is directly linked to correcting a problem that has already manifested, affirming its classification as a corrective control.