AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Risk probability and effect11/22/2023 While impact mostly describes how an incident would impact you internally, consequence describes the effects your company’s misfortune would have on others who are dependent on your company or affects a community. But what about the external world? What is consequence? This is one part of understanding severity. An assessor will want to answer the question: “if an event were to happen at this location, how bad could it be?” For example, supply chain issues will slow down production within your organization. The key aspect is to understand the overall impact to your own organization. When we assess impact, we look at the things that would be disrupted within your business, like: Impact is mostly about how an incident will affect your organization internally. So why do impact and consequence matter in calculating severity? What is impact? Read our detailed guide on calculating risk here. These assessments can help determine the severity of an event and help to calculate risk. While we might not be able to exactly predict what one tornado will do to a business, security professionals can perform an impact and consequence assessment. Probability is just one variable, however - you also must know how an incident like a tornado will affect a business. Weather-related incidents, for example, are easy to calculate because they’re common in certain areas of the country, while calculating the probability of an active shooter at one of your buildings is more complicated.Īs security professionals, we’re generally most concerned with the low probability and high severity incidents. Some incidents may be easier than others. Determining the probability of something happening can be complex. In other words, a risk can be calculated by multiplying the likelihood of an incident by how bad that incident would be. One of the tools we use to do this is an equation: Security professionals are often tasked with assessing the risk of clients’ enterprises. Calculating risk: a quick reviewīefore we get into impact and consequence, we need to review probability and severity. So what’s the difference? The short answer is that “impact” describes an incident’s effect on your organization, while “consequence” describes an incident's effects on the outside world.įor the longer, more nuanced answer, read on. While both impact and consequence are the result of a security event, they're not the same thing. You may think “impact” and “consequence” are the same thing, and you would not be alone: we often hear people using the words interchangeably.
0 Comments
Read More
Leave a Reply. |