An information security event is a time-bound negative deviation of business process performance from normal operational state resulting from an information security control failure.

The Value Protection Formula:

VP = (N - E) / N

where VP is the Value Protection Ratio, N is Normal Operations Costs, and E is Event Impact Costs.

Because event impacts can include several kinds of losses, there is an expanded formula for calculating its value:

E = Rp + Rc + Pn + LR + Pc

Rp is response costs, or the amount required to bring business processes back to accepted parameters (for example, man-hours of triage).

Rc is recovery costs, or the amount required to bring enterprise resources back to a normal state (such as the investment in IT to remediate damaged systems).

Pn is cost of penalties, the amount paid in fines or other penalties levied because of the event (such as a government fine for an incident, or a court-ordered payment).

LR is lost revenue due to the event (for example, orders lost due to downtime).

Pc is perception/reputation costs, the measurable amount required to fix a damaged reputation or counter a negative perception (includes public relations and marketing costs associated with recovery).

So another way to express the formula is:

VP = (N - (Rp + Rc + Pn + LR + Pc)) / N

Four Ways Information Security Events Impact Companies

Breach of confidentiality: Unauthorized access to private business information or information controlled by regulation (for example, customer data).

Loss of integrity: Logical damage to critical operations or financial control systems information (for example, database corruption).

Loss of availability: Degradation or loss of critical systems performance (for example, network outage, extended downtime).

Damage to perception: Degradation of stakeholder or shareholder confidence in the company's competence (for example, stock falls on reports of breach).
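As an added example (not part of the original article), the sketch below rolls incident cost line items up into the five categories of E and reports the Value Protection Ratio per event and for the period, reading the formula as VP = (N - E) / N. The ledger layout, event IDs, amounts and function names are constructed for illustration, and N and E are assumed to cover the same period in the same currency.

```python
import csv
import io
from collections import defaultdict

# Cost categories from the expanded formula E = Rp + Rc + Pn + LR + Pc.
CATEGORIES = ("Rp", "Rc", "Pn", "LR", "Pc")

# Constructed sample ledger: one row per cost line item booked against an event.
SAMPLE_LEDGER = """event_id,category,amount
EVT-1,Rp,12000
EVT-1,Rc,30000
EVT-1,LR,45000
EVT-2,Rp,4000
EVT-2,Pn,25000
EVT-2,Pc,9000
"""

def event_impacts(ledger_csv):
    """Return {event_id: {category: total}} with every category present."""
    totals = defaultdict(lambda: dict.fromkeys(CATEGORIES, 0.0))
    for row in csv.DictReader(io.StringIO(ledger_csv)):
        cat = row["category"].strip()
        if cat not in CATEGORIES:
            raise ValueError(f"unknown cost category: {cat!r}")
        amount = float(row["amount"])
        if amount < 0:
            raise ValueError("cost amounts must be non-negative")
        totals[row["event_id"].strip()][cat] += amount
    return {eid: dict(costs) for eid, costs in totals.items()}

def value_protection(normal_ops_cost, impact_by_category):
    """VP = (N - E) / N; negative when event impact exceeds N."""
    if normal_ops_cost <= 0:
        raise ValueError("N must be positive for the ratio to be defined")
    e = sum(impact_by_category[c] for c in CATEGORIES)
    return (normal_ops_cost - e) / normal_ops_cost

def period_report(normal_ops_cost, ledger_csv):
    """Per-event VP plus the VP for all events in the period combined."""
    events = event_impacts(ledger_csv)
    combined = {c: sum(ev[c] for ev in events.values()) for c in CATEGORIES}
    report = {eid: value_protection(normal_ops_cost, ev) for eid, ev in events.items()}
    report["ALL"] = value_protection(normal_ops_cost, combined)
    return report

if __name__ == "__main__":
    for name, vp in period_report(1_000_000, SAMPLE_LEDGER).items():
        print(f"{name}: VP = {vp:.3f}")
```

A VP of 1.0 means no measurable event impact in the period; values fall toward zero, and below it, as event costs approach and exceed normal operations costs.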