What type of control has Alice deployed to address a vulnerability in an embedded device?

In the context of addressing vulnerabilities in embedded devices, a compensating control is utilized when a direct control may not be feasible or available. Compensating controls are alternative measures implemented to achieve the desired security outcome when the primary control is inadequate or difficult to implement.

For example, if a specific security feature is missing from the embedded device, Alice may deploy a compensating control such as network segmentation or enhanced monitoring to mitigate the risk associated with that vulnerability. This approach helps to ensure that the overall security posture remains strong, even if not all immediate vulnerabilities can be directly addressed.

Preventive controls, while important, focus on stopping security incidents before they occur through measures like firewalls and security training. Corrective controls aim to identify and fix problems after a security breach has occurred, and detective controls are designed to identify and report on incidents once they happen. In this case, since Alice is specifically addressing a vulnerability rather than reacting to an incident or merely trying to prevent one, the use of a compensating control is the most appropriate response.