An Introduction To
Information, Network and Internet Security


Appendix D - Consequences

There are a number of different consequence matrices; each organisation can, and usually does, make up its own.

Matrices can be of a 3 x 3 type (High, Medium and Low), a 5 x 5 or any other combination.

Typically these are odd-numbered matrices. With an odd number of levels, the non-committal manager or respondent will typically choose the middle option, as this avoids really making a decision and is the path of least resistance.

For this reason there is a push towards using even-numbered matrices, such as a 4 x 4 matrix, which have no middle option.

The markings are typically assigned a number so that they can be mathematically manipulated in the matrix. An example is given in Appendix F below.

Below are some examples of consequences:

Three by Three
Five by Five
Using a 5 layer impact matrix



The Security Practitioner

An Introduction to Information Security