Incidents that occur within facilities are rated relative to the organization. The severity of the incident is used to determine how long and how much the incident will influence a facility's risk. The following matrix is recommended for determining a severity.
|Critical Financial Impact||Moderate Financial Impact||Minimal Financial Impact|
|Critical Operational Disruption||SEV1||SEV1||SEV2|
|Moderate Operational Disruption||SEV1||SEV2||SEV3|
|Minimal Operational Disruption||SEV2||SEV3||SEV4|
Incidents logged will impact the risk model by increasing the risk of involved threats across the facility over a period of time. The amount of impact increases with with number of incidents and their severity within the period and decay from the model monthly for a period of 12 months.
If a new incident occurs during this period, then the risk will increase once again, however the impact of the first incident will still decay at the same rate. Assume we have an incident of SEV1, then another SEV1 incident in 6 months; the impact of the first threat will continue to decay until Month 12 and the new incident will decay until Month 18 from the start of the period.
When logging an incident, you can optionally specify assets or locations involved. While not required, associating these items will allow you to track incidents at a more granular level of detail and will also acutely impact the risk of those locations or assets more.