What type of control is disabling a compromised system's network adapter considered?

Disabling a compromised system's network adapter is considered a corrective control. Corrective controls are designed to address and mitigate the damage after a security incident has already occurred. When a network adapter is disabled, it prevents further communication with external networks, which essentially limits the possibility of data exfiltration or propagation of the compromise. This action helps to restore the system’s integrity and security by isolating it from further threats.

In this context, other types of controls do not accurately describe this action. Preventive controls aim to stop incidents from occurring in the first place, such as firewalls or regular software updates. Detective controls are focused on identifying and alerting the presence of security incidents, like intrusion detection systems. Compensating controls are alternatives put in place when a primary control is not feasible, often providing similar risk mitigations. Thus, the action of disabling the network adapter directly intervenes after a compromise has been detected, making it clearly a corrective measure.