Comprehensive and Detailed Explanation From Exact Extract:
The impact of an information security event is assessed by evaluating how the event affects the CIA triad of Confidentiality, Integrity, and Availability for the information assets involved. This concept underpins the ISO/IEC 27000 family of standards, including ISO/IEC 27035.
ISO/IEC 27035-1:2016, Clause 6.2.3 explicitly states that an event's severity and urgency are to be assessed by evaluating its actual or potential impact on the organization’s information security objectives, namely:
Confidentiality: Protection from unauthorized disclosure
Integrity: Protection from unauthorized modification
Availability: Assurance of timely and reliable access
This approach supports consistent, risk-based decision-making during incident assessment. Options A and B describe important steps, but they are parts of the broader incident management process; they do not themselves measure the impact of an event.
Reference: ISO/IEC 27035-1:2016, Clause 6.2.3: “The impact should be assessed based on the effect on confidentiality, integrity, and availability of the information assets affected.”
Correct answer: C