Risk Management: Identification of Countermeasures

A countermeasures analysis is conducted that identifies shortfalls between the existing security system and the recommended security system.

The performance standard to be achieved by the site is influenced by the sophistication of potential attackers.

In assigning a performance standard to be achieved by the site, we recommend that site management implement measures that would successfully:

• DETER an attack if possibl
• DETECT an attack when it occurs
• DELAY the attacker until appropriate authorities can intervene
• RESPOND to neutralize the adversary, to evacuate, shelter in place, call local authorities, control a release, or other actions

The SVA team evaluates the merits of possible additional countermeasures by listing them and estimating their net effect on lowering the likelihood or severity of the attack. The SVA team attempts to lower the risk to an acceptable level.

To comprehensively identify potential exposures, an SVA requires talented, multi-disciplined security professionals who are trained and experienced not only in the application of specialized methodologies and software, but the industry itself. Since few organizations have the available resources necessary to perform a comprehensive vulnerability assessment in-house, most find themselves turning to a Managed Security Services provider to perform an objective SVA.