Page 72 - CISSO_Prep_ Guide
and minimize the damage the development would cause.
Examples of corrective controls would be a fire suppression system,
apprehending a suspect, or isolating a compromised network segment.
Recovery (Restoration) Controls
Recovery controls are designed to restore a facility, a business
process, or a system back to normal operation. The corrective fire
suppression system put the fire out and stopped the incident
from spreading, but everything is certainly not back to normal
once the fire is out. The next step requires a recovery or
restoration effort to clean up the damage, rebuild, and restore
operations to normal. Other examples of recovery controls include
restoring a system from backups, or training new staff to replace
those who are no longer available.
Compensating Controls
Compensating controls are used where other controls are not
available, or are inadequate, to protect the organization.
Compensating controls are put in place to make up for (or offset)
the absence or weakness of a primary control. Examples of compensating
controls are increased supervision of staff with elevated permissions,
dual control or separation of duties, and cross-training of a team so
that no single person becomes a point of failure.
What is Risk?
Here are several definitions of risk from authoritative sources:
Risk is a combination of the consequences that would follow
from the occurrence of an unwanted event and the likelihood of
that event occurring. (ISO/IEC 27005)