Which type of control includes incident response and backups?

Corrective controls are actions aimed at restoring normal operations after a security incident or failure and reducing the impact of that event. Incident response plans guide how to detect, contain, eradicate, and recover from a breach, with the recovery and restoration steps restoring services to their normal state. Backups provide a way to restore data to a known-good point after data loss or corruption, enabling systems to resume functioning with minimal downtime. Together, these activities focus on recovery and restoration, which is the essence of corrective controls. Preventive controls aim to prevent incidents from occurring (like strong access controls or patching), detective controls focus on identifying incidents as they happen (like continuous monitoring and log analysis), and administrative controls cover governance, policies, and procedures. That’s why incident response and backups fit the corrective category.