Severity and Prioritization - Paiet/Tech-Journal-for-Everything GitHub Wiki

Factors contributing to incident severity and prioritization

Scope of impact

• System process criticality
• Functional Impact (NIST SP 800-61 p.42)
  • https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-61r2.pdf
  • None: No effect to the organization's ability to provide service to all users
  • LOW: Minimal effect. Still provide critical service to all user, but there is efficiency loss
  • MEDIUM: Some users have lost access to critical services
  • HIGH: All users have lost access to critical services
  • Downtime
• Recovery time
  • REGULAR:
  • SUPPLIMENTAL:
  • EXTENDED:
  • NOT RECOVERABLE:
• Data integrity
  • Information Impact Category in NIST pdf
• Economic Impact
  • Different/Relative to each organization
  • NONE: No financial impact
  • LOW: Some financial impact
  • MEDIUM: Company determined amount relative to finances
  • HIGH: Significant financial impact

Types of data

• Personally Identifiable Information (PII)
• Personal Health Information (PHI)
• Payment card information
  • Card number
  • Expiration date
  • Security code
• Intellectual property
• Corporate confidential
  • Accounting data
  • Mergers and acquisitions