Difference between revisions of "Losing your money"

From OWASP
Jump to: navigation, search
 
(8 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
{{Template:Business Impact}}
 
{{Template:Business Impact}}
Last revision (06/24/08): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}== '''Description''' ==
+
Last revision (MM/DD/YY): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
 +
 
 +
==Description==
 
Any company as a whole is made up of individuals. If the company experiences a revenue reduction, this translates down to a reduction in benefits for the employees and possibly even to a reduction of the number of its employees.
 
Any company as a whole is made up of individuals. If the company experiences a revenue reduction, this translates down to a reduction in benefits for the employees and possibly even to a reduction of the number of its employees.
  
== '''Risk Factors''' ==
+
==Risk Factors==
The financial report is impacted when an application or network service level agreement is not met.
+
* The financial report is impacted when an application or network service level agreement is not met  
  
* Reduction in benefits for the individual.
+
* Reduction in benefits for the individual  
  
* Reduction in headcount for the company.
+
* Reduction in headcount for the company  
  
* A company's expenses will exceed its revenues.
+
* A company's expenses will exceed its revenues  
  
* Hackers invading a network or application system.
+
* Hackers invading a network or application system  
  
* PCI compliancy did not occur and the company is fined.
+
* PCI compliancy did not occur and the company is fined
  
  
 
==Examples==
 
==Examples==
'''A Company's Expenses Exceed Its Revenues'''
+
===A Company's Expenses Exceed Its Revenues===
  
 
The business looks at ways to reduce costs. Employee benefits are re-examined and modified to support reducing company cost thus reducing its yearly expenses.  
 
The business looks at ways to reduce costs. Employee benefits are re-examined and modified to support reducing company cost thus reducing its yearly expenses.  
Line 29: Line 31:
 
==Related Technical Impacts==
 
==Related Technical Impacts==
  
- Loss of confidentiality
+
* Loss of confidentiality
  
- Loss of integrity
+
* Loss of integrity
  
- Loss of availability
+
* Loss of availability
  
- Loss of accountability
+
* Loss of accountability
  
  
 
==References==
 
==References==
* OWASP Top 10 - Ruby on Rails version, [http://www.lulu.com/items/volume_62/1412000/1412042/1/print/Owasp-rails-security.pdf]
+
* [http://www.lulu.com/items/volume_62/1412000/1412042/1/print/Owasp-rails-security.pdf OWASP Top 10 - Ruby on Rails version]
 +
 
 +
[[Category:Financial damage]]

Latest revision as of 13:44, 24 June 2008

This is a Business Impact. To view all business impact, please see the Business Impact page.


Last revision (MM/DD/YY): 06/24/2008

Description

Any company as a whole is made up of individuals. If the company experiences a revenue reduction, this translates down to a reduction in benefits for the employees and possibly even to a reduction of the number of its employees.

Risk Factors

  • The financial report is impacted when an application or network service level agreement is not met
  • Reduction in benefits for the individual
  • Reduction in headcount for the company
  • A company's expenses will exceed its revenues
  • Hackers invading a network or application system
  • PCI compliancy did not occur and the company is fined


Examples

A Company's Expenses Exceed Its Revenues

The business looks at ways to reduce costs. Employee benefits are re-examined and modified to support reducing company cost thus reducing its yearly expenses.

Domino Impact

A hacker invades a network and finds its way through an application wall. The customer’s encrypted personal data was opened and used outside in the business market. The customer files a lawsuit against the company. The company files bankruptcy.


Related Technical Impacts

  • Loss of confidentiality
  • Loss of integrity
  • Loss of availability
  • Loss of accountability


References