2. Assess

Learn how to assess risk in Dastra.

Based on the elements you've identified in the risk type and the asset context, you now need to assess the risk.

This assessment is based on probability and impact.

Determining the risk scale

To assess risk, we need to position these two values on a scale. This is the risk scale. This scale is generally based on 5 levels. In France, the Ebios method (promoted by the CNIL and ANSSI in particular) uses a 4-level scale.

For each level, a condition of application must be determined. The scale may correspond to a financial amount, for example (in terms of impact).

Dastra's scale can be customized. You can modify it by going to the workspace settings (note that only the administrator has access).

Probability (likelihood)

Probability is an evaluation of the frequency of occurrence of a risk. It is an empirically evaluated score (traditionally rated out of 5). Each risk level can correspond to a frequency of occurrence of the risk (and therefore of the threat).

Impact (severity)

The impact corresponds to the evaluation of the consequence of a feared event on the company. It is the severity of this consequence that is estimated.

Depending on the assessed risk, this impact may vary. This assessment can be estimated empirically. For example, by estimating the cost of a data leak or data unavailability following a computer attack. Event logs can help to put these past experiences into practice.

If we're talking about risks concerning individuals (in the context of the GDPR, for example), the impact will correspond to the harm suffered by the people concerned and the infringement of their rights and freedoms. We've already mentioned discrimination, the refusal of a contract, an inconvenience.

A template for Privacy Impact Assessment

We can assume that assessment is always contextual.

However, a methodology published by the CNIL for conducting privacy impact assessments provides a grid for reading the scale of risks.

Here is the table proposed by the CNIL in its PIA guide:

Impact

Levels

Negligible

Generic impact descriptions (direct and indirect)

The people concerned will not be affected, or may experience some inconvenience, which they will be able to overcome without difficulty.

Examples of physical impacts

-Lack of adequate care for a non-autonomous person (minor, person under guardianship)

- Transient headaches

Examples of material impacts

-Time wasted repeating procedures or waiting for them to be completed - Receipt of unsolicited mail (e.g. spam) - Reuse of data published on websites for targeted advertising purposes (information from social networks reused for a paper mailing) - Targeted advertising for everyday consumer products

Examples of moral impact

-Simple annoyance at information received or requested - Fear of losing control of one's data - Feeling of invasion of privacy without any real or objective harm (e.g. commercial intrusion) - Loss of time setting up one's data - Non-respect of freedom to come and go online due to refusal of access to a commercial site (e.g. alcohol due to incorrect age).

Levels

Limited

Generic impact descriptions (direct and indirect)

The people concerned could experience some significant inconvenience, which they will be able to overcome despite a few difficulties.

Examples of physical impacts

-Minor physical ailment (e.g. benign illness due to non-compliance with contraindications) - Lack of care causing minimal but real harm (e.g. disability) - Defamation giving rise to physical or psychological reprisals

Examples of material impacts

-Unscheduled payments (e.g.: incorrectly assigned fines), additional costs (e.g.: agios, legal fees), non-payment - Denial of access to administrative or commercial services - Lost convenience opportunities (e.g.: cancellation of leisure activities, purchases, vacations, closure of an online account) - Missed professional promotion - Account for online services blocked (e.g.: games, administration) - Receipt of targeted mailings Lost opportunities for comfort (e.g.: cancellation of leisure activities, purchases, vacations, closure of an online account) - Missed professional advancement - Account blocked for online services (e.g.: games, administration) - Receipt of unsolicited targeted mail likely to damage the reputation of the persons concerned - Increased costs (e.g.: increase in the price of insurance). Processing of erroneous data, e.g. creating account malfunctions (bank, customer, social security, etc.) - Targeted online advertising on a private aspect that the individual wished to keep confidential (e.g. pregnancy advertising, pharmaceutical treatment) - Inaccurate or abusive profiling.

Examples of moral impact

-Refusal to continue using information systems (whistleblowing, social networks) - Minor but objective psychological harm (defamation, reputation) - Relationship difficulties with personal or professional contacts (e.g. image, tarnished reputation, loss of recognition) - Feeling of invasion of privacy without irremediable harm - Intimidation on social networks

Levels

Important

Generic impact descriptions (direct and indirect)

The people concerned could experience significant consequences, which they should be able to overcome, but with real and significant difficulties

Examples of physical impacts

-Serious physical condition causing long-term damage (e.g. worsening of health condition due to poor treatment or failure to comply with contraindications) - Alteration of physical integrity, e.g. as a result of an assault, domestic accident, work accident, etc.

Examples of material impacts

-Non-compensated embezzlement - Non-temporary financial difficulties (e.g.: obligation to take out a loan) - Targeted, one-off, non-recurring opportunities lost (e.g.: real estate loan, refusal of studies, internships or employment, exam ban) - Bank ban Targeted, one-off, non-recurring lost opportunities (e.g. home loan, refusal of studies, internships or jobs, exam ban) - Bank ban - Damage to property - Loss of home - Loss of job - Separation or divorce - Financial loss following a scam (e.g. after a phishing attempt) - Blocked abroad - Loss of customer data

Examples of moral impact

-Serious psychological condition (e.g. depression, development of a phobia) - Feeling of invasion of privacy and irremediable harm - Feeling of vulnerability following a summons - Feeling of infringement of fundamental rights (e.g. discrimination, freedom of expression) - Victim of blackmail - Cyberbullying and mobbing

Levels

4. Maximale

Generic impact descriptions (direct and indirect)

The people concerned could experience significant, even irremediable, consequences that they may not be able to overcome.

Examples of physical impacts

-Long-term or permanent physical ailment (e.g. following non-compliance with a contraindication) - Death (e.g. murder, suicide, fatal accident) - Permanent impairment of physical integrity

Examples of material impacts

-Financial peril - Substantial debts - Inability to work - Inability to relocate - Loss of evidence in litigation - Loss of access to vital infrastructure (water, electricity)

Examples of moral impact

-Long-term or permanent psychological condition - Criminal sanction - Abduction - Loss of family ties - Inability to take legal action - Change in administrative status and/or loss of legal autonomy (guardianship)

On this scale, the following contextual elements must be taken into account:

the identifying nature of the data ;
the nature of the sources of risk ;
the number of interconnections (in particular with other countries) ;
the number of recipients (which facilitates the correlation of initially separate data).

Likelihood

To assess probability, the CNIL suggests the following scale:

Levels

Description

Negligible

it doesn't seem possible that the sources of risk selected can carry out the threat by relying on the characteristics of the media (e.g.: theft of paper media stored in an organization's premises, access to which is controlled by badge and access code).

Limited

it seems difficult for the selected risk sources to realize the threat based on the media's characteristics (e.g.: theft of paper media stored in an organization's premises to which access is controlled by badge).

Important

for the selected risk sources, it seems possible to achieve the threat by relying on the characteristics of the media (e.g. theft of paper media stored in the offices of an organization to which access is controlled by a receptionist).

Maximal

it seems extremely easy for the selected risk sources to carry out the threat based on the characteristics of the media (e.g.: theft of paper media stored in the organization's public hall).

On this scale, the following contextual elements need to be taken into account:

whether the system is open to the Internet or closed;
whether or not data is exchanged with other countries;
interconnections with other systems or no interconnections at all;
system heterogeneity or homogeneity;
system variability or stability;
the organization's image.

Dernière mise à jour il y a 1 an

Cet article vous a-t-il été utile ?

Impact

Levels

Negligible

Generic impact descriptions (direct and indirect)

The people concerned will not be affected, or may experience some inconvenience, which they will be able to overcome without difficulty.

Examples of physical impacts

-Lack of adequate care for a non-autonomous person (minor, person under guardianship)

- Transient headaches

Examples of material impacts

Examples of moral impact

Levels

Limited

Generic impact descriptions (direct and indirect)

The people concerned could experience some significant inconvenience, which they will be able to overcome despite a few difficulties.

Examples of physical impacts

Examples of material impacts

Examples of moral impact

Levels

Important

Generic impact descriptions (direct and indirect)

The people concerned could experience significant consequences, which they should be able to overcome, but with real and significant difficulties

Examples of physical impacts

Examples of material impacts

Examples of moral impact

Levels

4. Maximale

Generic impact descriptions (direct and indirect)

The people concerned could experience significant, even irremediable, consequences that they may not be able to overcome.

Examples of physical impacts

-Long-term or permanent physical ailment (e.g. following non-compliance with a contraindication) - Death (e.g. murder, suicide, fatal accident) - Permanent impairment of physical integrity

Examples of material impacts

-Financial peril - Substantial debts - Inability to work - Inability to relocate - Loss of evidence in litigation - Loss of access to vital infrastructure (water, electricity)

Examples of moral impact

On this scale, the following contextual elements must be taken into account:

the identifying nature of the data ;

the nature of the sources of risk ;

the number of interconnections (in particular with other countries) ;

the number of recipients (which facilitates the correlation of initially separate data).

Likelihood

To assess probability, the CNIL suggests the following scale:

Levels

Description

Negligible

Limited

Important

Maximal

it seems extremely easy for the selected risk sources to carry out the threat based on the characteristics of the media (e.g.: theft of paper media stored in the organization's public hall).

On this scale, the following contextual elements need to be taken into account:

whether the system is open to the Internet or closed;

whether or not data is exchanged with other countries;

interconnections with other systems or no interconnections at all;

system heterogeneity or homogeneity;

system variability or stability;

the organization's image.