Qualitative metrics on the impact of a security incident using key information security priniciples: confidentiality, integrity, and availability.

Attributes
SecurityIncidentImpact	_securityIncidentAssessmentImpact
String	availability	A loss of availability is the disruption of access to or use of information or an information system. Enumerated value indicating the impact to availability due to the Security Incident: Low - The loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. A limited adverse effect means that, for example, the loss of confidentiality, integrity, or availability might: (i) cause a degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is noticeably reduced; (ii) result in minor damage to organizational assets; (iii) result in minor financial loss; or (iv) result in minor harm to individuals Moderate - The loss of confidentiality, integrity, or availability could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. A serious adverse effect means that, for example, the loss of confidentiality, integrity, or availability might: (i) cause a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; (ii) result in significant damage to organizational assets; (iii) result in significant financial loss; or (iv) result in significant harm to individuals that does not involve loss of life or serious life threatening injuries. High - The loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. A severe or catastrophic adverse effect means that, for example, the loss of confidentiality, integrity, or availability might: (i) cause a severe degradation in or loss of mission capability to an extent and duration that the organization is not able to perform one or more of its primary functions; (ii) result in major damage to organizational assets; (iii) result in major financial loss; or (iv) result in severe or catastrophic harm to individuals involving loss of life or serious life threatening injuries. Source: FIPS 199. http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf
String	confidentiality
String	integrity	A loss of integrity is the unauthorized modification or destruction of information. Enumerated value indicating the impact to integrity due to the Security Incident: Low - The loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. A limited adverse effect means that, for example, the loss of confidentiality, integrity, or availability might: (i) cause a degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is noticeably reduced; (ii) result in minor damage to organizational assets; (iii) result in minor financial loss; or (iv) result in minor harm to individuals Moderate - The loss of confidentiality, integrity, or availability could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. A serious adverse effect means that, for example, the loss of confidentiality, integrity, or availability might: (i) cause a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; (ii) result in significant damage to organizational assets; (iii) result in significant financial loss; or (iv) result in significant harm to individuals that does not involve loss of life or serious life threatening injuries. High - The loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. A severe or catastrophic adverse effect means that, for example, the loss of confidentiality, integrity, or availability might: (i) cause a severe degradation in or loss of mission capability to an extent and duration that the organization is not able to perform one or more of its primary functions; (ii) result in major damage to organizational assets; (iii) result in major financial loss; or (iv) result in severe or catastrophic harm to individuals involving loss of life or serious life threatening injuries. Source: FIPS 199. http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf
String	overall	An enumerated value indicating the overall impact to confidentiality, integrity, and availability due to the Security Incident: Low - The loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. A limited adverse effect means that, for example, the loss of confidentiality, integrity, or availability might: (i) cause a degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is noticeably reduced; (ii) result in minor damage to organizational assets; (iii) result in minor financial loss; or (iv) result in minor harm to individuals Moderate - The loss of confidentiality, integrity, or availability could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. A serious adverse effect means that, for example, the loss of confidentiality, integrity, or availability might: (i) cause a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; (ii) result in significant damage to organizational assets; (iii) result in significant financial loss; or (iv) result in significant harm to individuals that does not involve loss of life or serious life threatening injuries. High - The loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. A severe or catastrophic adverse effect means that, for example, the loss of confidentiality, integrity, or availability might: (i) cause a severe degradation in or loss of mission capability to an extent and duration that the organization is not able to perform one or more of its primary functions; (ii) result in major damage to organizational assets; (iii) result in major financial loss; or (iv) result in severe or catastrophic harm to individuals involving loss of life or serious life threatening injuries. Source: FIPS 199. http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf

 _securityIncidentAssessmentImpact

Public SecurityIncidentImpact _securityIncidentAssessmentImpact

Constraints:

Properties:

Aggregation	None
Alias
Association	SecurityIncidentAssessedImpactLevel
Association End
Class	SecurityIncidentImpactLevel
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	1
Lower Value	(1)
Multiplicity	1
Name	_securityIncidentAssessmentImpact
Name Expression
Namespace	SecurityIncidentImpactLevel
Opposite	_securityIncidentImpactLevel
Owner	SecurityIncidentImpactLevel
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE::SecurityIncidentImpactLevel::_securityIncidentAssessmentImpact
Stereotype
Template Parameter
Type	SecurityIncidentImpact
Upper	1
Upper Value	(1)
Visibility	Public

 availability

Public String availability

A loss of availability is the disruption of access to or use of information or an information system. Enumerated value indicating the impact to availability due to the Security Incident:

Low - The loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. A limited adverse effect means that, for example, the loss of confidentiality, integrity, or availability might: (i) cause a degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is noticeably reduced; (ii) result in minor damage to organizational assets; (iii) result in minor financial loss; or (iv) result in minor harm to individuals

Moderate - The loss of confidentiality, integrity, or availability could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. A serious adverse effect means that, for example, the loss of confidentiality, integrity, or availability might: (i) cause a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; (ii) result in significant damage to organizational assets; (iii) result in significant financial loss; or (iv) result in significant harm to individuals that does not involve loss of life or serious life threatening injuries.

High - The loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. A severe or catastrophic adverse effect means that, for example, the loss of confidentiality, integrity, or availability might: (i) cause a severe degradation in or loss of mission capability to an extent and duration that the organization is not able to perform one or more of its primary functions; (ii) result in major damage to organizational assets; (iii) result in major financial loss; or (iv) result in severe or catastrophic harm to individuals involving loss of life or serious life threatening injuries.

Source: FIPS 199. http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf

Constraints:

Properties:

Aggregation	None
Alias
Association
Association End
Class	SecurityIncidentImpactLevel
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	0..1
Name	availability
Name Expression
Namespace	SecurityIncidentImpactLevel
Opposite
Owner	SecurityIncidentImpactLevel
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE::SecurityIncidentImpactLevel::availability
Stereotype
Template Parameter
Type	String
Upper	1
Upper Value	(1)
Visibility	Public

 confidentiality

Public String confidentiality

Constraints:

Properties:

Aggregation	None
Alias
Association
Association End
Class	SecurityIncidentImpactLevel
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	0..1
Name	confidentiality
Name Expression
Namespace	SecurityIncidentImpactLevel
Opposite
Owner	SecurityIncidentImpactLevel
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE::SecurityIncidentImpactLevel::confidentiality
Stereotype
Template Parameter
Type	String
Upper	1
Upper Value	(1)
Visibility	Public

 integrity

Public String integrity

A loss of integrity is the unauthorized modification or destruction of information. Enumerated value indicating the impact to integrity due to the Security Incident:

Low - The loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. A limited adverse effect means that, for example, the loss of confidentiality, integrity, or availability might: (i) cause a degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is noticeably reduced; (ii) result in minor damage to organizational assets; (iii) result in minor financial loss; or (iv) result in minor harm to individuals

Moderate - The loss of confidentiality, integrity, or availability could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. A serious adverse effect means that, for example, the loss of confidentiality, integrity, or availability might: (i) cause a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; (ii) result in significant damage to organizational assets; (iii) result in significant financial loss; or (iv) result in significant harm to individuals that does not involve loss of life or serious life threatening injuries.

High - The loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. A severe or catastrophic adverse effect means that, for example, the loss of confidentiality, integrity, or availability might: (i) cause a severe degradation in or loss of mission capability to an extent and duration that the organization is not able to perform one or more of its primary functions; (ii) result in major damage to organizational assets; (iii) result in major financial loss; or (iv) result in severe or catastrophic harm to individuals involving loss of life or serious life threatening injuries.

Source: FIPS 199. http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf

Constraints:

Properties:

Aggregation	None
Alias
Association
Association End
Class	SecurityIncidentImpactLevel
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	0..1
Name	integrity
Name Expression
Namespace	SecurityIncidentImpactLevel
Opposite
Owner	SecurityIncidentImpactLevel
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE::SecurityIncidentImpactLevel::integrity
Stereotype
Template Parameter
Type	String
Upper	1
Upper Value	(1)
Visibility	Public

 overall

Public String overall

An enumerated value indicating the overall impact to confidentiality, integrity, and availability due to the Security Incident:

Low - The loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. A limited adverse effect means that, for example, the loss of confidentiality, integrity, or availability might: (i) cause a degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is noticeably reduced; (ii) result in minor damage to organizational assets; (iii) result in minor financial loss; or (iv) result in minor harm to individuals

Moderate - The loss of confidentiality, integrity, or availability could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. A serious adverse effect means that, for example, the loss of confidentiality, integrity, or availability might: (i) cause a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; (ii) result in significant damage to organizational assets; (iii) result in significant financial loss; or (iv) result in significant harm to individuals that does not involve loss of life or serious life threatening injuries.

High - The loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. A severe or catastrophic adverse effect means that, for example, the loss of confidentiality, integrity, or availability might: (i) cause a severe degradation in or loss of mission capability to an extent and duration that the organization is not able to perform one or more of its primary functions; (ii) result in major damage to organizational assets; (iii) result in major financial loss; or (iv) result in severe or catastrophic harm to individuals involving loss of life or serious life threatening injuries.

Source: FIPS 199. http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf

Constraints:

Properties:

Aggregation	None
Alias
Association
Association End
Class	SecurityIncidentImpactLevel
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	0..1
Name	overall
Name Expression
Namespace	SecurityIncidentImpactLevel
Opposite
Owner	SecurityIncidentImpactLevel
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE::SecurityIncidentImpactLevel::overall
Stereotype
Template Parameter
Type	String
Upper	1
Upper Value	(1)
Visibility	Public