Protection 10
Protection 10 :
"Protection includes all activities to identify CI/KR, assess vulnerabilities, prioritize CI/KR, and develop protective programs and measures, since these activities lead to the final act of implementing such protective strategies to reduce vulnerability. Protective actions include detection mechanisms or programs (e.g. surveillance systems that indicate a potential threat), deterrence actions (e.g., enhanced security that reduces the aggressor's likelihood of success and interest in the target); defensive actions (e.g., physical hardening or buffer zones, that prevent or delay an attack); and actions that reduce the value or incentive to an aggressor to attack (e.g., creating redundancies in a system and recovery programs that minimize consequences). Strategies for response and recovery are also important". (NIST, "CIP Instructions," June 2004)
