Countermeasures (sometimes referred to as measures) is a term used to describe anything in risk management (management standards, revised process, technical means) which is proposed in order to reduce threats and vulnerabilities, and thus reduce future risk. Measures are made based on previous risk analysis. Measures can protect either assets or help detect impending threat.
Use of the countermeasures in practice: Organization through measures responds to potential threats or vulnerabilities of its assets. Given that the aim of the measures is to reduce the possible damage (i.e. financial effect), it is necessary to assess each measure in terms of its effectiveness, or to assess whether it pays off - compare its costs with costs of eliminated risk. In practice, Risk manager together with CFO usually assess it. In the case of partial measures the decision is in the responsibility of individual workers.