Estimating consequence parameters Sample Clauses

Estimating consequence parameters. To exemplify the proposed procedure, we consider 10 types of cyber attacks identified in Deliverable D3.1. Table 13 lists the loss types involved in each attack. For example, a Denial of Service attack is assumed to involve the following loss types: Business interruption, Contractual penalties, Reputational damage, Crisis handling, Third party damages and Legal costs. Section 11.1.1 indicates the procedure to quantify each type of loss, by interviews with the company’s management and internal experts. Assuming that the cost for each loss type has been quantified, for each attack type we proceed as follows:

- the worst case impact is obtained as the sum of the impacts quantified for the loss types involved in the attack as per Table 13;
- the typical case impact is obtained either from historical loss data recorded by the Company, or from publicly available datasets and surveys.

Column labels (attack types):
1. Denial of Service
2. Invalidated redirects and forwards
3. Bypass login by brute force or DNS
4. Compromise security via Trojan-malware
5. Client-server protocol manipulation
6. Session hijacking
7. Cross site request forgery
8. SQL injection
9. Buffer overflow
10. Relative path traversal

Row labels (loss types), each followed by its X marks:
Loss revenues: X X X X X X X
Costs for notification to authority: X X X X X X X X X
Legal costs: X X X X X X X X X X
Third Party damages: X X X X X X X X X
Digital assets disruption: X
Data recovery costs: X X X X X X X X
Infrastructure recovery costs: X X X X X
Costs for informatics experts: X X X X X X X X X
Losses from multimedia activities: X
Contractual penalties: X X X X X X X X X X
PCI-DSS costs: X X X X X X X X X
Fines from regulatory authority: X X X X X X X X X
Reputational damage: X X X X X X
Crisis handling costs: X X X X X
Extortion: X
Fines for privacy breach: X X X X X X X X X

Table 13. Main types of cyber attacks (column labels) and corresponding loss types triggered by each attack (row labels).