In the plan-protect-response cycle, which stage is primarily responsible for creating and operating countermeasures?

Creating and operating countermeasures happens in the protection stage because this phase is about turning risk assessments and policies into actual safeguards. It covers selecting, deploying, and maintaining security controls—like firewall rules, intrusion detection, access controls, encryption, backups, and ongoing monitoring—that actively reduce risk and prevent incidents. The planning stage is about deciding what needs protection and which safeguards are required, not running them daily. The response stage focuses on actions during an incident—detecting, containing, eradicating, and recovering—rather than maintaining preventive controls. So, protection is the stage responsible for creating and operating countermeasures.