Implementing countermeasures require the expenditure of resources- whether time, money, or other capabilities. Sometimes, implementing a countermeasure may be relatively inexpensive or easy to do, while others are more difficult and costly.
Because of this, it’s important to carefully consider each potential countermeasure before implementation. When developing countermeasures, ask yourself the following questions:
- What is the cost vs. benefit?
- Do we really need it?
- Are we creating another vulnerability?
- Are we creating new indicators?
- What is the impact on operations?
- How long is it needed?
- How will we measure effectiveness?
- Have we addressed all vulnerabilities with unacceptable risks?
- Does this countermeasure reduce the risk to an acceptable level?
- Does this countermeasure reduce the risk of more than one vulnerability?
- Are there indicators that need separate countermeasures?
- Will the culture accept the countermeasure and use it?
- Will the leadership support the implementation of this countermeasure?
- Is this the simplest solution?
- Have we fully coordinated?