Severity members of the "Impact Family"
Being aware of the potential severity 'impact' of an Information Security issue or incident is a major contributing factor, in not only responding to the incident should it occur, but also in determining the appropriate level of safeguards to reduce the risk.
For each Information Security Issue throughout the S.O.S. we have allocated an appropriate member of the RUSecure™ "Impact Family". Each "Impact Family" member shown below denotes a possible initial potential severity level for information security incidents arising from that issue. These suggested severity levels are provided only as a general guide and the incident investigation process should reassess and amend the potential severity levels applied to each incident as appropriate.
The following table introduces the Severity members of the "Impact Family" together with a definition of their associated severity levels.
|
The "Impact" Family |
Meaning |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
"Terminal Impact" |
The consequences of this type of incident are potentially terminal, from which the organisation may not recover. These are the most dangerous incidents and are both complex to control and to safeguard against. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
"Devastating Impact" |
Incidents at this level can be devastating and, without an immediate and appropriate response, escalate into terminal incidents. A significant potential financial loss, coupled with a public loss of credibility is a symptom of this type of incident. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
"Critical Impact" |
Critical incidents are those from which you should be able to recover. With careful management of the incident and the implementation of appropriate safeguards, a 'medium' financial loss and public embarrassment are likely to be experienced. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
"Controllable Impact" |
The impact of a controllable incident is likely to be short term and is controllable. With the right safeguards and response, the impact could perhaps be reduced to minor embarrassment and minimal cost. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
"Irritating Impact" |
Incidents classified as irritating are likely to be ephemeral and generally will result in little more than a localised irritation. Whilst you safeguard against them, they should be straightforward to avoid and manage. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
