Risk Management
Instruction
Countermeasure Selection Considerations: Review
Applying criteria for selection will assist in measuring the true costs of implementing that countermeasure. Take the case of an ATM at a bank. The following questions should be asked:- What are the 'real' costs of changing security controls?
- How would a chip and pin solution be calculated effectively? What would need to be considered?
- What other options may have been considered instead of chip and pin? Shutting down ATMs? Biometrics? More physical security?
There are seven possible functions that a security countermeasure can fulfill.
- Control access
- Help assess the attack
- Delay the attack
- Deter an attack
- Detect an attack
- Respond to the attack
- Collect evidence of the attack
Various countermeasures can perform one or more of these functions.