n. ~ The magnitude and effect of an act or expression on something; a result, an outcome, a change.
In risk management, 'impact' often connotes something unexpected or harmful. However, one may plan actions in anticipation of a specific, serendipitous impact.
- CNSS-4009 (†730 p.34): impact level - The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability. (†1732)
- ISACA Glossary (†743 s.v. impact): Magnitude of loss resulting from a threat exploiting a vulnerability. (†1778)
- Kurian 2013 (†576 s.v. impact): In marketing, the total measurable effect of an action or product on a market, group, or person. (†1090)
- NIST 2013 (†734 p. B-9): The effect on organizational operations, organizational assets, individuals, other organizations, or the Nation (including the national security interests of the United States) of a loss of confidentiality, integrity, or availability of information or an information system. (†1835)
- Wikipedia (†387 s.v. impact evaluation): assesses the changes that can be attributed to a particular intervention, such as a project, program or policy, both the intended ones, as well as ideally the unintended ones. In contrast to outcome monitoring, which examines whether targets have been achieved, impact evaluation is structured to answer the question: how would outcomes such as participants’ well-being have changed if the intervention had not been undertaken? (†1241)