When estimating the consequences of a security event, it is crucial to consider the severity of the consequence. This is directly referenced in ISO/IEC 27005, which states that consequence refers to the impact or seriousness of a risk event.
“Consequence: The outcome of an event affecting objectives, including the severity of impact.”
— ISO/IEC 27005:2022, Section 8.3.2
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit