Vulnerability

The 3 D’s and 3 R’s of security: Why You Need to Know Them

By Daniel Young | October 15, 2021 | 3 min read
3ds 3rs

No one wants a security incident on their site or in their organization. So how can you prevent the likelihood of a security breach, an attack, or another security issue at your site?

That is where the three D’s of security come in: deter, detect, and delay.

The three D’s are a way for an organization to reduce the probability of an incident. But what are they, exactly? And what happens if an event does happen? Fortunately, there are phases that cover all the steps of responding to an incident. Let’s take a look at the three D’s and the three R’s of risk response.

Learn more: Impact and Consequence: Is There a Difference?

What are the three D’s?

The three D’s are typically put into effect before an incident. When a business uses countermeasures that embody the three D’s, they change the environment in a way that makes it more difficult for incidents to occur.


  • Deter: Discourage the attack or threat from ever happening.
  • Detect: Identify and verify the threats as they are happening.
  • Delay: Postpone a threat from reaching your assets allowing for response to happen.


Countermeasures often accomplish one more or more of these tasks. A security officer can embody all three, for example, while a bollard may deter a vehicle attack that might crash into a building. Access management may also deter, detect, and delay threats from entering restricted areas of a site.

Wait - how many Ds?

Search for the D’s of security online and you might find yourself looking at pages listing the four D’s or even the five D’s. We stick with just the three because detect, deter and delay are concerned with reducing the probability of an attack, while the following steps, which we call the three Rs, are concerned with reducing severity.

Learn more: How Can Scenario-Based Assessments Help With Compliance?


What are the 3 R’s?

Even when a company is well-aware of the three D’s and has countermeasures in place to reduce the possibility of an incident, not all threats can be prevented. The three R’s are the steps that happen after an incident, when an organization is actively dealing with a threat, and later, trying to return to normal. While the D’s deal with reducing probability, the R’s deal with reducing severity.


  • Respond: The immediate answer to a threat, when your team is actively responding.
  • Retrospective: How was the threat handled? Can your response be improved in the future? Is an investigation necessary?
  • Recover: How can your organization, site, or people return to their normal state, or a more secure state?


Tangible Vs. Intangible Items in Risk Analysis: What Is the Difference?

Why is it important to understand the 3 D’s and 3 R’s?

The three D’s and 3 R’s are more than just helpful identifiers for the phases of incident response. When you implement a countermeasure at your site, it’s important to understand what this countermeasure does. If it’s a camera, it can detect a threat. If it’s a fence, it can deter one.

It’s also important to understand if the new countermeasure reduces the probability of a threat or the severity. In the event of a hazard, like a natural disaster, you should be focusing on the response and recovery since it can't be prevented.

A phase-based approach to risk helps when you’re developing plans for risk scenarios, such as an active shooter or an abduction. When you consider each possible scenario, look at the phases, and figure out which phase you should be spending your budget on; should you be planning for deterrence, early detection or response?

Phases are an important way to understand the countermeasures you already have in place and which you need to reduce probability or severity. By understanding both, you’ll be able to create a comprehensive plan to understand and mitigate risk.

Do you need help assessing your risk? Contact us for a demo today.


Are you ready to improve your organization’s risk resiliency?

See Circadian Risk In Action Now
Watch a Demo