Listen 4.6 Identification of consequences
In this video, we will cover the identification of consequences and considerations to bear in mind while doing so.
We will also have a look at a consequence. Example.
This is the point where you take everything that we have collected, analyzed and put together in the previous steps and start looking at the consequences
for information. Acid X What is the consequence to the confidentiality, integrity or availability of the asset? If there is a exploits, vulnerability be
the consequence could be a loss of business,
loss of effectiveness,
regulatory finds and so forth.
here we are looking to define the damage that would be done to the organization.
If a specific incident scenario were to play out,
the severity of the consequence of the incident taking place
would be linked to the associated information asset,
and it's supporting asset values.
The output that you want from this activity would be something that outlines the various incidents, scenarios
and the specific consequences based on the associative information, assets and business processes.
This forms the foundation for the risk analysis and assessment.
Only a few more steps to go
the identification of the incident scenarios is important as the consequence would be relative to the incident.
a data breach of personal information
might have different consequences to a breach of proprietary information.
Let's take a look at an example.
Your incident scenario would be a ransomware attack.
You would look at what is Theo impact
to your C A C I a child.
The availability of information would be the most heavily affected by this type of attack.
Is the information or system becomes unavailable for use?
We then look at what impact a lack of availability would have.
The associated consequence would be an operational impact.
The operational impact can be further broken down into the various consequences off
which would lead to a cost component as well as a time lost.
There would be a work time lost.
It would be a financial cost,
and there would also be reputational damage.
Gauging the reputational damage is always difficult,
as this is something that is quite intangible and effects the trust
of your company's stakeholders.
we covered how to understand and identify potential consequences from incident scenarios.
We also examined a simple example and that there can be more than one consequence from a given incident scenario