Risk Management

Instruction

Countermeasure Selection Considerations: Review

Applying selection criteria helps measure the true cost of implementing a countermeasure. Take the case of an ATM at a bank. The following questions should be asked:

  • What are the 'real' costs of changing security controls?

  • How would the cost of a chip and PIN solution be calculated effectively? What would need to be considered?

  • What other options may have been considered instead of chip and PIN? Shutting down ATMs? Biometrics? More physical security?

There are seven possible functions that a security countermeasure can fulfill.

  1. Control access

  2. Help assess the attack

  3. Delay the attack

  4. Deter an attack

  5. Detect an attack

  6. Respond to the attack

  7. Collect evidence of the attack

Various countermeasures can perform one or more of these functions.