Difference between revisions of "Consequence"
Jump to navigation
Jump to search
Line 11: | Line 11: | ||
− | + | ===Standard Definition=== | |
+ | ==== ISO/IEC27000:2014 ==== | ||
+ | The outcome of an event affecting objectives <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>. | ||
− | - | + | The standard notes that (a) an event can lead to a range of consequences, (b) a consequence can be certain or uncertain and in the context of information security is usually negative, (c) consequences can be expressed qualitatively or quantitatively and (d) initial consequences can escalate through knock-on effects. |
==See also== | ==See also== |
Revision as of 12:12, 18 May 2014
Contents
Definitions
Official European Definition
?
National Definitions
US Definition
The effect of an event, incident, or occurrence, including the number of deaths, injuries, and other human health impacts along with economic impacts both direct and indirect and other negative outcomes to society. Adapted from the 2010 DHS Risk Lexicon [1].
Standard Definition
ISO/IEC27000:2014
The outcome of an event affecting objectives [2].
The standard notes that (a) an event can lead to a range of consequences, (b) a consequence can be certain or uncertain and in the context of information security is usually negative, (c) consequences can be expressed qualitatively or quantitatively and (d) initial consequences can escalate through knock-on effects.