Levels of impact of a security breach

We use three levels of impact on organizations or individuals should there be a breach of security (i.e., a loss of confidentiality, integrity, or availability). These levels are defined in FIPS PUB 199:

• Low: The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. For example, the loss of confidentiality, integrity, or availability might (i) result in minor damage to organizational assets; (ii) result in minor financial loss; (iii) result in minor harm to individuals.

• Moderate: The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. For example, the loss might (i) cause a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; (ii) result in significant damage to organizational assets; (iii) result in significant financial loss; (iv) result in significant harm to individuals that does not involve loss of life or serious, life-threatening injuries.

• High: The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. For example, the loss might (i) cause a severe degradation in or loss of mission capability to an extent and duration that the organization is not able to perform one or more of its primary functions; (ii) result in major damage to organizational assets; (iii) result in major financial loss; (iv) result in severe or catastrophic harm to individuals involving loss of life or serious, life-threatening injuries.
