ImpactAssessmentTypeIncident Schema

The ImpactAssessmentType specifies a summary assessment of impact for this cyber threat Incident.


Field Name Type Description
Direct_Impact_Summary0..1 DirectImpactSummaryType

The Direct_Impact_Summary field is optional and characterizes (at a high level) losses directly resulting from the ThreatActor's actions against organizational assets within the Incident.

Indirect_Impact_Summary0..1 IndirectImpactSummaryType

The Indirect_Impact_Summary field is optional and characterizes (at a high level) losses from other stakeholder reactions to the Incident.

Total_Loss_Estimation0..1 TotalLossEstimationType

The Total_Loss_Estimation field is optional and specifies the total estimated financial loss for the Incident.

Impact_Qualification0..1 ControlledVocabularyStringType

The Impact_Qualification field is optional and summarizes the subjective level of impact of the Incident.

This field is implemented through the xsi:type controlled vocabulary extension mechanism. The default vocabulary type is ImpactQualificationVocab-1.0 in the namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL

Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.

Effects0..1 EffectsType

The Effects field captures a list of effects of this incident from a controlled vocabulary.

External_Impact_Assessment_Model0..1 ExternalImpactAssessmentModelType

The External_Impact_Assessment_Model field is optional and characterizes impact assessment details utilizing impact assessment characterization models defined external to STIX. It is defined utilizing an abstract type enabling the definition through extension of incident impact assessment models external to STIX.