Apply appropriate countermeasures

Red teaming

Countermeasures are designed to prevent an adversary from detecting critical information, provide an alternative interpretation of critical information or indicators (deception), or deny the adversary’s collection system.

Example: The countermeasure for the vulnerability of running Nmap, using the Metasploit framework, and hosting the phishing pages using the same public IP address, seems obvious: Use a different IP address for each activity.

Example: For the vulnerability of an unsecured database used to store data received from a phishing page, ensure that the database is adequately secured so that the data cannot be accessed except by authorised people.