Alion Science and Technology Website Home Button

Home Button

Next Steps

About CounterMeasures®

CounterMeasures is a proven risk analysis solution that has been applied to address a wide range of risk disciplines including physical security, cyber security, intellectual property security, chemical industry security and school security. CounterMeasures is a scalable web-based program that is usually delivered as a pay-as-you-go web-service. (Though we do offer client-hosted solutions when they are specially requested.) With CounterMeasures risk assessment services, you also get access to the world class service and support both to help extend your success in risk management. Choose one of our out-of-the-box solutions, or contact us to build the custom tool for your specific needs.


How is CounterMeasures used to conduct
Risk Assessments and Analysis?

Alion’s technical approach to risk assessment is based on a well-defined, time-tested, and highly standardized process. We have been able to make Risk Assessments a source of supportable and reliable data which can be used by the organization to mitigate and manage risk based on real, up-to-date information. We accomplish this by identifying and standardizing the critical steps defined by the assessment methodology, to direct the most important areas and processes to assess, determining how to feed data into the Threat x Vulnerability x Consequence = Risk (T x V x C = R) calculation, and providing outputs which clearly identify Risk and the means to mitigate or reduce risk.


CounterMeasures Risk Analysis Process has 7 distinct steps for completing a risk analysis.

7 Steps Figure Step 2: Assess Assets Step 3: Assess Threats Step 4: Assess Vulnerabilities Step 1: Define the Scope Step 5: Analyze Risk and Create Reports Step 6: Manage Risk Step 7: Evaluate Effectiveness and Reassess


Step 2: Assess Assets Step 3: Assess Threats Step 4: Assess Vulnerabilities Step 1: Define the Scope Step 5: Analyze Risk and Create Reports Step 6: Manage Risk Step 7: Evaluate Effectiveness and Reassess Any practitioner who has conducted risk analyses before, perhaps by hand, will notice that the process is not so different from what you already know. It is the software that helps you to complete the task thoroughly, with relative ease, and with confidence in the results.


Step 1: Define the Scope
CounterMeasures allows Assessors to build a profile of the system or site to be assessed. This triggers specific questions, identifies the scope of the assessment, and allows the assessor to focus on the areas most applicable to the facility or system.


Using icon-based navigation, the assessor is guided through the steps to identify who is conducting the assessment, where it is being conducted, what items will be assessed, and what the assessed system(s) are used for.


Profile process buttons

Profile Screenshots


Step 2: Identify Critical Assets

Specific components or systems are identified and rated in order to determine which systems are most critical to the organization’s mission and operations, and why. They can be rated by replacement value, by a matrix of importance to the organization versus importance to a potential adversary, or a combination of the two.


Critical systems are defined, and examples are embedded in the tool. Assessors are guided to compile a complete, accurate list of critical components.

Asset Section Screenshots


Step 3: Characterize the Threat

CounterMeasures® guides the assessor to define the threats and hazards which could harm the system(s) or components. Threats can be rated by capability and intent, in the event of a man-made threat, or frequency, in the event of natural hazards. User chooses what threats and hazards to include in the assessment, and they can be preloaded based on location or environment.

Threats Screenshot


Step 4: Assess Vulnerabilities

In order to objectively evaluate Vulnerability, CounterMeasures provides Security assessors with categories of observable “countermeasures” including Rules and Regulations, Administrative & Technical controls, and best practices. These are based on defined standards and best practices. The software encourages objective evaluation of measurable in-place controls, called countermeasures, in order to define security posture. With more countermeasures in place, the organization’s vulnerability to different threats and hazards is reduced.


NOTE: Vulnerabilities are never seen by the survey respondent. The analysis module
determines and invokes the proper vulnerability areas based on survey responses.

Vulnerabilities Screenshot


Step 5: Analyze Risk and Create Reports

The analysis of an individual assessment can be done either by the individual inspector, or by a dedicated security analyst at a central location. Baseline metrics and relationships are used to achieve both a repeatable and defensible analysis. Examples of these metrics include quantification of the relationship between threats, assets, vulnerabilities, and business processes. Once Alion and a client evaluate these relationships, the development team builds them into the analysis module, ensuring they are consistently applied to all assessments during the data collection phase and analysis phase.

Risk Desktop Screenshot

Analysis Process Chart


Step 6: Manage Risk

The risk management feature provides the capability to monitor and manage residual risk for each system in the analysis dataset. This feature picks up after the current risks for each surveyed system have been determined and remains in effect for the lives of the surveyed systems. The action dataset stores all countermeasures that are proposed during the analysis process and makes them available for assignment to someone for implementation. Once actions are assigned to someone, they can be tracked until a satisfactory result is attained.


Areas of weakness or poor control implementation are identified in the Analysis, and the user can immediately propose controls to reduce vulnerability and risk. Risk analysis and loss expectancy reports that are run after countermeasures have been implemented will reflect the improved security posture. In addition to proposing controls to implement, the user can assign the implementation to a specific person to ensure accountability and tracking of risk reduction.

Risk Management Screenshot


Step 7: Evaluate Effectiveness

The analysis module of CounterMeasures also allows for analysts to determine which controls are most likely to be effective to implement by weighting controls for their effectiveness in reducing vulnerability and by their cost. The analyst can conduct a “what-if” analysis of different risk reduction strategies and see the decreased vulnerability real-time. Once proposed security controls are implemented, the organization can see the system(s)’ new security posture, re-assess, or compare to other systems.

Effectiveness Desktop Screenshot




About Enterprise Risk Management

Enterprise Risk Management (ERM) is all about understanding and managing the impact that threats and hazards have on your operations. ERM begins with an analysis of your business’ assets, business processes, and threat environment and then allows you to use your resources most effectively to minimize the losses to your operations. It's an overall process to help you gain more insight into the relationships between threats, vulnerabilities, and hazards so you can develop smarter, safer courses of action that will benefit both you and your customers. It’s very hard to run a successful business without a strong focus on ERM. After all, while a winning business plan can’t maximize profits without minimizing losses.


Successful ERM can involve many different areas of your company including security, safety, and compliance. Thankfully, these are all areas where offers a technology solution and more. With CounterMeasures® web-Enterprise Risk Management software, you can mind your business and your budget while getting up and running in with the world's leading Enterprise Risk Management solution.


With ERM solutions from, you’ll streamline and automate assessment, analysis and reporting processes, which allows you to give everyone in your company a view of their portion of the company’s risk profile. Then, CounterMeasures® provides you deeper analysis and insight into possible remediation actions, keeping everyone focused on getting new customers while keeping the ones you already have happy.


PC-based Enterprise Risk Management Software vs. Web Enterprise Risk Management

Traditional PC-based Enterprise Risk Management Software has been overtaken in recent years by Web Enterprise Risk Management, also known as “online ERM”, “hosted ERM, and “on-demand ERM.” Today, more companies than ever are turning to the Web, and specifically to, for ERM solutions.


Why? Because in both business and governmental endeavors, it's more important than ever to have a holistic understating of the threats and vulnerabilities that impact your assets, processes and missions. It’s equally essential to gain this insight and direction without a big up-front software investment that's expensive to install and maintain. With’s pay-as-you-go model, the price of success is dramatically lower.


Web Enterprise Risk Management Promises High Value and Low Up-Front Investment.

Eliminating the need for a big up-front capital investment offers an immediate shortcut to ERM success. All of the CounterMeasures risk assessment software products are available on a monthly pay-as-you-go arrangement. So, where customers could reasonable expect to spend thousands (and in some cases hundreds of thousands) of dollars in hardware and licensing, they can now start up with as little as $100 per user per month.


Web-Based ERM Offers Quick Deployment.

Web ERM delivers a secure hosting environment while avoiding the long lead times and lengthy certification/installation processes common in government and commercial IT departments. Our out-of-the-box ready security variants are focused and ready to meet your requirements with confidence. Our custom ERM implementations usually happen in a matter of weeks or months, with the additional time used for the customization that those users typically desire; this compares to 12 months or longer with traditional client/server risk assessment software.


Hosted ERM Makes Customization Much Easier.

With CounterMeasures online ERM solutions, basic customizations are performed in an administration module and are instantaneously available to all business users without having to upgrade individual users’ workstations.


On-Demand ERM Provides Unlimited Scalability. allows you to scale your implementation fast—without incurring high costs or waiting weeks or months.


Web ERM Features Painless Upgrades.

Because deployments of new ERM features are virtually instantaneous, you’re always on the latest version with web-based ERM systems—so upgrades are painless. Going through an upgrade of CounterMeasures ERM is simple; just login and all of the new “stuff” is there and working right away after the upgrade.


On-Premise ERM Software. Although CounterMeasures® focuses on delivering web-based, on-demand solutions, for customers who need client-site-hosted solutions for business or regulatory reason, the CounterMeasuresTeam has solutions for you. Simply contact us to discuss options.


Copyright © Alion Science and Technology Corporation ׀ Privacy Policy ׀ Legal Notice ׀ Section 508 Notice
Return to Top