This is a list of factors which influence the severity of an incident. I worry about an incident where the intruder has SYSTEM control, with a shell that is persistent, on a host that can reach the entire enterprise, with very valuable data, with unfettered Internet access, and I can’t see the host’s logs or traffic. I have ordered the options under each category such that the top items in each sub-list is considered worst, and the bottom is best. If anyone wants to point me to existing work, please feel free.”]
Source: https://taosecurity.blogspot.com/2007/12/incident-severity-ratings.html