Certified Information Systems Auditor (CISA) — Question 243
Backup procedures for an organization's critical data are considered to be which type of control?
Answer options
- A. Compensating
- B. Directive
- C. Corrective
- D. Detective
Correct answer: C
Explanation
Backup procedures are categorized as corrective controls because they are designed to restore data after a loss or corruption has occurred. Compensating controls are alternatives to primary controls, directive controls provide guidance, and detective controls identify and alert about incidents, but do not restore data.