If, having accessed the attack vectors, you recognize a social media threat that may impact your company, you need to determine what damage may occur. Damage is measured in three ways: operations, brand impact, and monetary loss.
Measuring damage has never been easy when it comes to determining the security impact of an attack. The return on security investment for technologies such as implementing a firewall, web URL filtering, or even antivirus systems is very difficult. In the previous section, we discussed the threats. Once you have determined those, you can manage your reactions to those threats. Build a damage assessment matrix, as shown in Table 4-2. The column labeled “How to Prioritize the Damage?” serves as your next-steps guideline.