Security Impact Analysis

Security Impact Analysis definition in Computer Security terms:

Acronym(s): SIA

Definition(s): The analysis conducted by an organizational official to determine the extent to which changes to the information system have affected the security state of the system.
Source(s): CNSSI 4009-2015 (NIST SP 800-37 Rev. 1)
NIST SP 800-137 (NIST SP 800-53)
NIST SP 800-37 Rev. 1
NIST SP 800-39 (NIST SP 800-37)
NIST SP 800-53 Rev. 4 (CNSSI 4009)
NIST SP 800-30 (NIST SP 800-37)
NIST SP 800-53A Rev. 4 (NIST SP 800-37)

The analysis conducted by an organizational official to determine the extent to which a change to the information system has or may have affected the security posture of the system.
Source(s): NIST SP 800-128 (Adapted from CNSSI 4009)

The analysis conducted by an agency official, often during the continuous monitoring phase of the security certification and accreditation process, to determine the extent to which changes to the information system have affected the security posture of the system.
Source(s): NIST SP 800-18 Rev. 1 (NIST SP 800-37)

Synonym(s): None

reference: CSRC Glossary