An action, measure, or device intended to reduce an identified risk.

Source: API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global Standards



Means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be administrative, technical, management, or legal in nature.

[ISO/IEC 27000:2009]

  • NOTE: ISO Guide 73:2009 defines control as simply a measure that is modifying risk.

Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards


Action, measure, or device intended to reduce an identified risk.

Sample Usage: Some facilities employ surveillance cameras as a countermeasure.

Annotation: A countermeasure can reduce any component of risk - threat, vulnerability, or consequence.

Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance



Action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken [11].

  • NOTE: The term “Control” is also used to describe this concept in some contexts. The term countermeasure has been chosen for this standard to avoid confusion with the word control in the context of “process control.”

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
