What type of control is used to reduce the effects of an undesirable event or attack?

The type of control designed to reduce the effects of an undesirable event or attack is known as a corrective control. This type of control is implemented after an incident has occurred with the primary goal of minimizing damage and facilitating recovery from an attack or adverse event. Corrective controls are often synonymous with incident response and recovery techniques, focusing on restoring systems to their normal operational state and addressing vulnerabilities that led to the incident.

For instance, if a security breach occurs, corrective controls may include patching affected systems, restoring data from backups, or enhancing security policies to prevent future incidents. By placing emphasis on recovery and improvement, corrective controls play a vital role in maintaining the resilience and integrity of an organization's security posture.

While preventive controls aim to stop an incident from occurring in the first place, and deterrent controls are intended to discourage potential attackers, corrective controls specifically address the aftermath of an event, effectively mitigating its impact.