Impact (Information Security)
The consequences of an incident on one or more assets constitute the impact (for instance personal data that are no longer accurate).
In information security usually a difference is made between direct consequences (damage to the information system, such as file modifications, changes in the accessibility of confidential data or an inappropriate system shutdown) and the indirect impact (the damage the organization or third parties have incurred, such as abuse of confidential information, wrong decisions as a result of incorrect data).
There is not always an immediate relation between an incident's direct consequences and its indirect impact on an organization or on third parties: the loss of fundamental data can have enormous consequences for the person involved whereas a system that was erased completely can already be restored with a good back-up.
There is currently no content classified with this term.