What type of security control is being used when restoring backups from a secure system after a ransomware attack?

Restoring backups from a secure system after a ransomware attack is an example of corrective control. Corrective controls are designed to address and rectify situations after a security incident has occurred. In this case, the ransomware attack has already compromised data or systems, and restoring from backups serves to recover and restore the affected data to its original state, thus mitigating the impact of the attack.

This recovery process not only aims to restore functionality but also to ensure that the organization can continue its operations without the loss of critical information. It directly addresses the consequences of the security breach, which aligns with the purpose of corrective controls. Other types of controls serve different purposes; for instance, preventive controls seek to prevent incidents from occurring in the first place, while detective controls focus on identifying and detecting incidents once they occur. Compensating controls, on the other hand, are alternative measures used to fulfill the requirement of a primary security control that cannot be implemented. In this context, the act of restoring backup data specifically responds to the fallout from an incident, solidifying its classification as a corrective control.