SebDB impacts
An impact is the harmful or undesirable result of a security risk (i.e., the result if a risk materializes).
These are the things that security professionals like you worry about.
There are seven impacts in SebDB:
[IMP001] System compromise - System compromise occurs when there is the unauthorized disclosure, modification, substitution, deletion or use of systems. This can lead to operational instability, unauthorized control over critical processes, and serve as a gateway for further attacks.
[IMP002] Data compromise - Data compromise occurs when there is the unauthorized disclosure, modification, substitution, deletion or use of data or information. This undermines data integrity, confidentiality, and availability, posing compliance risks and eroding stakeholder trust.
[IMP003] Physical (asset) compromise - Physical asset compromise occurs when there is the unauthorized disclosure, modification, substitution, damage or use of an organisation's physical assets (e.g., devices, hardware, supplies, infrastructure). This can facilitate unauthorized digital access, disrupt service delivery, or result in costly asset recovery and replacement.
[IMP005] Identity theft and fraud - Identity theft and fraud can occur when criminals use personal information for their own gain, or when they cause loss to another. These incidents often stem from phishing or social engineering, and can escalate into broader breaches involving multiple victims.
[IMP007] Account compromise - Account compromise happens when unauthorized people access them. This often results from weak credentials or phishing, allowing attackers to impersonate users and escalate privileges unnoticed.
[IMP009] Business interruption - Business interruption occurs when an organization's normal operations have been interrupted or hindered. The disruption can stem from ransomware, insider threats, or system failures, with cascading effects on productivity and reputation.
[IMP010] Financial loss - Financial loss occurs when there has been an unplanned decrease in monetary value or reduction in financial assets. Such losses often follow cyber incidents, regulatory fines, or fraud, and can undermine business continuity and investor confidence.
In SebDB, we map behaviors to impacts to allow you to see how impacts, which therefore create greater risk, could arise due to a negative security behavior, or those that could be prevented by a positive security behavior.
Impact plausibility is rated on a scale of 0 to 3. This assesses how plausible it is that a potential impact will occur if the behavior is not performed.