1
00:00:00,860 --> 00:00:01,350
Great.

2
00:00:01,940 --> 00:00:06,800
So now let's talk about impact, what is an impact now?

3
00:00:06,800 --> 00:00:14,870
Impact is something that can cause harm to an organization or that has actually caused the damage to

4
00:00:14,870 --> 00:00:21,110
an organization, for example, after we saw earlier about the relationship between the one that would

5
00:00:21,110 --> 00:00:28,280
be affected and if that threat is exploited or if that one is exploited, then there's an impact on

6
00:00:28,280 --> 00:00:34,790
the organization, which means that there are three types of impact systems can take place.

7
00:00:34,790 --> 00:00:37,610
The impact can be on the confidentiality of system.

8
00:00:38,090 --> 00:00:46,160
The impact can be on the integrity of the system, and the impact can be on the availability of information

9
00:00:46,160 --> 00:00:46,790
security.

10
00:00:47,720 --> 00:00:54,110
So when it comes to confidentiality, invasion of privacy of customers or users and employees, for

11
00:00:54,110 --> 00:00:58,060
example, if that is unencrypted data, that is a vulnerability.

12
00:00:58,490 --> 00:01:00,710
So the theft is information.

13
00:01:00,740 --> 00:01:02,860
So the threat is information theft.

14
00:01:02,870 --> 00:01:03,230
Right.

15
00:01:03,260 --> 00:01:10,700
We had seen in the last lecture and therefore that that vulnerability is exploited, then the impact

16
00:01:10,700 --> 00:01:15,420
is invasion of privacy of the customers, users and employees.

17
00:01:16,220 --> 00:01:23,450
Well, confidential information leakage and information theft is also an impact on the confidentiality

18
00:01:23,450 --> 00:01:25,160
of information security.

19
00:01:26,150 --> 00:01:33,130
Then integrity, accidental change of data, deliberate change, intentional change, intentional threat.

20
00:01:33,140 --> 00:01:41,480
We have seen then incorrect results and loss of data is also impact on integrity and finally, availability,

21
00:01:41,990 --> 00:01:44,020
performance degradation of the system.

22
00:01:44,030 --> 00:01:50,690
If the if that is a direct attack on the system, then the data might not be available to the customers

23
00:01:50,690 --> 00:01:52,960
or the users then and when it is needed.

24
00:01:53,390 --> 00:01:58,720
So that can result in the performance degradation, service interruption and availability of service.

25
00:01:58,730 --> 00:02:04,040
Again, DoS attack and disruption of the organizations.

26
00:02:05,980 --> 00:02:13,000
So I hope these are the things that you should understand, impact on confidentiality, impact on integrity

27
00:02:13,000 --> 00:02:15,250
and impact on availability.

28
00:02:16,560 --> 00:02:23,920
Now, here is a formula on your screen: threat plus vulnerability, that is equal to risk of the impact.

29
00:02:24,360 --> 00:02:29,160
So what is a threat is a new incident with a potential harm to a system we have seen.

30
00:02:29,160 --> 00:02:35,600
And what is a vulnerability? It is a known weakness that hackers could exploit, which is equal to risk.

31
00:02:35,610 --> 00:02:38,700
Now, do not consider this as a mathematical operation.

32
00:02:39,420 --> 00:02:42,800
This plus sign here do not consider this as a mathematical operation.

33
00:02:42,810 --> 00:02:50,700
Just make sure that when threat and vulnerability combine, they have the potential risk on the system.

34
00:02:51,540 --> 00:02:53,540
Make sure that you remember this formula.

35
00:02:53,550 --> 00:02:59,820
It is very important in order to calculate the risk, we are going to see how to calculate the risks

36
00:03:00,120 --> 00:03:04,650
and the cost of the risk or the failures of the system in our next sections.

37
00:03:05,160 --> 00:03:11,700
But for the time being, make sure that you understand threat and vulnerability, when combined, can result in

38
00:03:11,700 --> 00:03:16,620
do the risk, which is nothing but the potential for damage and a threat.

39
00:03:16,620 --> 00:03:17,940
Exploit even the.

40
00:03:19,610 --> 00:03:27,980
But the examples of correct can be impact, can be financial losses, loss of assets, loss of customers

41
00:03:27,980 --> 00:03:36,050
and suppliers, lawsuits and penalties, loss of competitive advantage, service interruption, inability

42
00:03:36,050 --> 00:03:44,960
to provide service, loss of branding or reputation and disruption of operations are some examples of

43
00:03:44,960 --> 00:03:45,600
impact.

44
00:03:46,310 --> 00:03:48,260
I hope you've understood this lecture.

45
00:03:48,290 --> 00:03:54,920
I hope you have understood the definition of impact and what actually impact means in the next lecture.

46
00:03:55,190 --> 00:04:02,810
We talk about different security controls and we also define what actually information security risk

47
00:04:02,810 --> 00:04:03,230
is.

48
00:04:03,770 --> 00:04:05,720
I will see you in the next lecture.