What category of security control BEST describes the function of implementing a new security system after a server outage?

Implementing a new security system after a server outage falls under the category of corrective security control. Corrective controls are designed to rectify a problem or mitigate the impact of an incident that has already occurred. In this case, the server outage represents a breach or failure in the existing security measures. By installing a new security system, the organization aims to address the vulnerabilities that led to the outage, thereby preventing similar issues in the future.

Operational controls are related to the day-to-day processes and procedures that maintain an organization's security posture, whereas preventive controls focus on actions taken to avoid security incidents before they happen. Detective controls, on the other hand, are intended to identify and detect incidents as they occur, rather than fixing issues after they have manifested. In this context, implementing a new security system is an active step to correct past failures, making it a corrective measure.