Great essay! I wanted to delve a little more into risk management countermeasures. We already know that countermeasures are actions taken to either reduce the threat of risk or mitigate risk when a threat actually happens. More specifically, however, there are also different types of countermeasures (in the security world) that need to be considered. While some might work in every scenario, not all will.
The types of risk countermeasures are high-tech, low-tech, and no-tech. High-tech includes things like security systems (ie access control systems, video systems, etc), X-ray scanners, badging systems, etcetera. Many high-tech countermeasures are even capable of “intelligent video analytics” that can evaluate unusual behavior, for example. Low-tech countermeasures are those that include more physical security items, such as barriers, fences, lights, locks, signs, etcetera. There are even countermeasures made through the way an environment is designed when it is built, which is called Crime Prevention Through Environmental Design (CPTED). No-tech countermeasures include risk analysis, policies, investigations, training, working with law enforcement, etc.
Knowing which type of countermeasures to use all depend on the situation at hand. When risk assessment is conducted, usually an assessment of the available countermeasures will determine which will produce the most ideal results. Some people even like to conduct a risk assessment without countermeasures, to see what possibilities the worst result will bring, in an attempt to determine what the most effective countermeasures will be.