CHAPTER 10: IMPACT AND ASSET VALUATION
The successful exploitation of a vulnerability by a threat will have an impact on the asset’s availability, confidentiality or integrity. This may have consequences for the business, in terms of its actual operations, or from a compliance angle, or in relation to a contractual requirement. A single threat could exploit more than one vulnerability and each exploitation could have more than one type of impact. These impacts should all be identified.
Risk assessment involves identifying the potential business harm that might result from each of these identified impacts. The way to do this is to assess the extent of the possible loss to the business for each potential impact. One object of this exercise is to ...
Get Information Security Risk Management for ISO27001/ISO27002 now with the O’Reilly learning platform.