Identification of Consequences

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
7 hours 52 minutes
Difficulty
Intermediate
CEU/CPE
8
Video Transcription
00:01
Listen 4.6 Identification of consequences
00:08
In this video, we will cover the identification of consequences and considerations to bear in mind while doing so.
00:16
We will also have a look at a consequence. Example.
00:23
This is the point where you take everything that we have collected, analyzed and put together in the previous steps and start looking at the consequences
00:33
for information. Acid X What is the consequence to the confidentiality, integrity or availability of the asset? If there is a exploits, vulnerability be
00:45
the consequence could be a loss of business,
00:48
loss of effectiveness,
00:50
reputational damage,
00:52
regulatory finds and so forth.
00:56
In essence,
00:57
here we are looking to define the damage that would be done to the organization.
01:02
If a specific incident scenario were to play out,
01:06
the severity of the consequence of the incident taking place
01:10
would be linked to the associated information asset,
01:14
and it's supporting asset values.
01:18
The output that you want from this activity would be something that outlines the various incidents, scenarios
01:23
and the specific consequences based on the associative information, assets and business processes.
01:30
This forms the foundation for the risk analysis and assessment.
01:36
Only a few more steps to go
01:40
the identification of the incident scenarios is important as the consequence would be relative to the incident.
01:48
For example,
01:49
a data breach of personal information
01:53
might have different consequences to a breach of proprietary information.
02:02
Let's take a look at an example.
02:07
Your incident scenario would be a ransomware attack.
02:12
Next.
02:13
You would look at what is Theo impact
02:16
to your C A C I a child.
02:21
The availability of information would be the most heavily affected by this type of attack.
02:25
Is the information or system becomes unavailable for use?
02:31
We then look at what impact a lack of availability would have.
02:37
The associated consequence would be an operational impact.
02:42
The operational impact can be further broken down into the various consequences off
02:49
investigation time,
02:51
which would lead to a cost component as well as a time lost.
02:55
There would be a work time lost.
02:59
It would be a financial cost,
03:00
and there would also be reputational damage.
03:07
Gauging the reputational damage is always difficult,
03:09
as this is something that is quite intangible and effects the trust
03:15
of your company's stakeholders.
03:27
To summarize,
03:29
we covered how to understand and identify potential consequences from incident scenarios.
03:35
We also examined a simple example and that there can be more than one consequence from a given incident scenario
Up Next