Definitions Edit

Impact is

[t]he magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability.[1]
[t]he effect on organizational operations, organizational assets, individuals, other organizations, or the Nation (including the national security interests of the United States) of a loss of confidentiality, integrity, or availability of information or an information system.[2]
[t]he consequences of an incident on one or more assets constitute the impact (for instance personal data that are no longer accurate).[3]
[d]amage to an organization's mission and goals due to the loss of confidentiality, integrity, or availability of system information or operations.[4]
[t]he effect of an event on strategic goals and objectives. Impact can be positive or negative related to the organization's objectives.[5]

References Edit

  1. NIST Special Publication 800-60, Vol. I, Rev. 1, at A-4.
  2. NIST Special Publication 800-53, App. B, Glossary.
  3. Commission for the Protection of Privacy, Glossary (full-text).
  4. Cybersecurity A Primer for State Utility Regulators, App. B.
  5. Playbook: Enterprise Risk Management for the U.S. Federal Government, at 105.

See also Edit