Incident Impact Assessment
(Redirected from Consequence Assessment)
		
		
		
		Jump to navigation
		Jump to search
		An Incident Impact Assessment is an impact evaluation incident analysis outcome that quantifies incident consequences.
- AKA: Impact Analysis, Incident Effect Evaluation, Consequence Assessment, Damage Assessment.
- Context:
- It can typically measure Business Impact through revenue loss calculation and customer affect metrics.
- It can typically evaluate Technical Impact via system downtime measurement and service degradation levels.
- It can typically assess User Impact including affected user count and user experience degradation.
- It can typically determine Compliance Impact through regulatory violation assessment and audit findings.
- It can typically calculate Reputational Impact using brand damage indicators and customer trust metrics.
- ...
- It can often identify Cascading Effect across interconnected systems and dependent services.
- It can often quantify Recovery Cost including restoration expenses and mitigation investments.
- It can often estimate Productivity Loss from workflow disruption and operational delays.
- It can often reveal Data Impact such as data loss volume and data integrity compromise.
- ...
- It can range from being a Preliminary Incident Impact Assessment to being a Comprehensive Incident Impact Assessment, depending on its assessment depth.
- It can range from being a Qualitative Incident Impact Assessment to being a Quantitative Incident Impact Assessment, depending on its measurement approach.
- It can range from being a Immediate Incident Impact Assessment to being a Long-term Incident Impact Assessment, depending on its temporal scope.
- It can range from being a Local Incident Impact Assessment to being a Enterprise-wide Incident Impact Assessment, depending on its organizational scope.
- It can range from being a Single-Domain Incident Impact Assessment to being a Multi-Domain Incident Impact Assessment, depending on its impact breadth.
- ...
- It can be conducted through Impact Analysis Framework using assessment methodology.
- It can be documented in Incident Report Document for management review.
- It can be supported by Impact Measurement Tool and analytics platforms.
- It can be validated through Stakeholder Verification and data correlation.
- It can be utilized for Incident Prioritization and resource allocation decisions.
- ...
 
- Example(s):
- Security Incident Impact Assessments, such as:
- Data Breach Impact Assessment measuring exposed record count and privacy violation.
- Ransomware Impact Assessment calculating encryption damage and ransom demand.
- DDoS Attack Impact Assessment evaluating service availability loss and traffic cost.
 
- Operational Incident Impact Assessments, such as:
- System Outage Impact Assessment quantifying downtime duration and transaction loss.
- Supply Chain Disruption Assessment measuring delivery delay and inventory shortage.
- Manufacturing Stoppage Assessment calculating production loss and deadline impact.
 
- Financial Incident Impact Assessments, such as:
- Trading System Failure Assessment measuring transaction failure and market loss.
- Payment Processing Impact Assessment calculating payment delay and fee penalty.
- Fraud Incident Assessment quantifying monetary loss and account compromise.
 
- Healthcare Incident Impact Assessments, such as:
- Patient Care Disruption Assessment evaluating treatment delay and safety risk.
- Medical System Failure Assessment measuring diagnostic impact and procedure cancellation.
- HIPAA Breach Assessment calculating record exposure and compliance violation.
 
- ...
 
- Security Incident Impact Assessments, such as:
- Counter-Example(s):
- Risk Assessment, which evaluates potential future impacts rather than actual incident consequences.
- Performance Baseline Measurement, which establishes normal operational metrics rather than incident damage.
- Capacity Planning Analysis, which projects resource needs rather than assessing incident effects.
 
- See: Risk Analysis Task, Business Impact Analysis, Incident Management Process, Crisis Management, Disaster Recovery Planning, Cost-Benefit Analysis, Service Level Agreement, Compliance Assessment, Stakeholder Analysis, Performance Measurement Framework.