Impact is measured per compromised asset, i.e. as the consequence of the asset losing its confidentiality, integrity or availability. From the impact expected from such a compromise, we deduce the classification level of the asset in terms of confidentiality, integrity and availability. Protecting your computer is important for many reasons.
However, a distinction must be made between damage and impact. Damage is the result of an event. The impact is the assessment of the harm caused by the damage. Examples are as follows:
Almost all impacts end up being measured at a financial level. Under this heading, however, we group the direct financial impacts, such as the lost revenue of an e-commerce solution when its Internet service is interrupted. Other financial impacts in this category are embezzlement by software modification, theft of credit card data, and others.
The use of certain stolen data may lead to legal proceedings brought by the persons concerned; the loss of this data may also result in non-compliance with certain commercial conditions. Having the computer system taken over and used to carry out attacks (distributed attacks, spamming, etc.) on other users can be considered a failure to monitor and lead to a criminal conviction.
Reputation impacts are grouped under this name. With the confidence of customers and suppliers remaining one of the major components of trade, it is obvious that any incident in this area quickly has a financial impact.
Industrial or commercial espionage, aimed at appropriating the manufacturing secrets, customer files or other private data of a person, is included in this category, which is the most difficult to estimate financially. The inability to carry on one's profession following the destruction of IT equipment (fire, flood, etc.) is also included in this category.
Time, specifically for a business, is a very critical element. Time wasted is time that a user could have invested in other important tasks.