Compensating control
Definition
A security measure that reduces risk when the ideal control cannot be applied immediately. For example, routing traffic through a monitored proxy while a vulnerable service awaits patching. Compensating controls are by definition temporary.
Related terms
- Access revocation: The removal of permissions, accounts, or trust relationships that the attacker exploited or could exploit. Distinct from credential rotation in that it...
- Attack surface reduction: The systematic elimination of pathways an attacker could use to enter or move within a system. In incident response this includes closing...
- Credential rotation: The process of invalidating and replacing passwords, API keys, certificates, and other authentication tokens that may have been exposed during an incident....
- Long-term containment: The incident response phase in which emergency stabilisation measures are replaced with durable controls, such as patches, credential rotation, and firewall changes,...
- System hardening: Configuration changes that reduce a system's attack surface by disabling unnecessary services, applying least-privilege access, enabling audit logging, and removing or restricting...
Explained in
- Long-Term Containment and System Hardening