Digital Identity Risk Management (DIRM) – Step 2: Conduct Initial Impact Assessment

Once the online service is defined, the next step in DIRM is to evaluate potential harms if identity proofing, authentication, or federation were to fail.

This assessment identifies impact categories—such as mission delivery, reputation, unauthorized access, financial loss, or even human safety—and assigns an impact level (Low, Moderate, High) for each user group.

By analyzing user groups, impacted entities, and harm categories, organizations gain a clear view of how failures in identity processes could translate into real-world consequences.

Outcome: A combined impact level per user group, enabling organizations to prioritize protections where the risks are most severe.
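The roll-up described above, as an added example that is not part of the original post: each rating is recorded per user group, failed function, harm category and impacted entity, then combined per user group. The page does not say how levels are combined, so the high-water mark rule used here is an assumption, and the group and entity names are constructed.

```python
from collections import defaultdict

LEVELS = {"Low": 1, "Moderate": 2, "High": 3}
FUNCTIONS = ("identity proofing", "authentication", "federation")
CATEGORIES = ("mission delivery", "reputation", "unauthorized access",
              "financial loss", "human safety")

# Constructed sample: (user group, failed function, harm category, impacted entity, level)
SAMPLE = [
    ("citizens", "identity proofing", "financial loss", "individual", "Moderate"),
    ("citizens", "identity proofing", "financial loss", "organization", "Low"),
    ("citizens", "authentication", "unauthorized access", "individual", "High"),
    ("citizens", "authentication", "human safety", "individual", "Low"),
    ("staff", "authentication", "mission delivery", "organization", "Moderate"),
    ("staff", "federation", "unauthorized access", "organization", "Moderate"),
    ("staff", "federation", "reputation", "organization", "Low"),
]

def worst(a, b):
    """Return the more severe of two levels; None means 'no rating yet'."""
    return b if a is None or LEVELS[b] > LEVELS[a] else a

def assess(ratings):
    """Combine ratings per user group using a high-water mark (assumed rule)."""
    rated = defaultdict(dict)  # group -> {(function, category): worst level}
    for group, function, category, entity, level in ratings:
        if function not in FUNCTIONS or category not in CATEGORIES or level not in LEVELS:
            raise ValueError(f"invalid rating for {group}/{entity}: {function}, {category}, {level}")
        key = (function, category)
        rated[group][key] = worst(rated[group].get(key), level)
    result = {}
    for group, cells in rated.items():
        by_function = {}
        for (function, _), level in cells.items():
            by_function[function] = worst(by_function.get(function), level)
        combined = max(by_function.values(), key=LEVELS.get)
        # An unrated category is unknown, not Low: report it as a gap.
        gaps = sorted((f, c) for f in by_function for c in CATEGORIES if (f, c) not in cells)
        result[group] = {"by_function": by_function, "combined": combined, "gaps": gaps}
    return result

def prioritize(result):
    """User groups ordered from most to least severe combined impact."""
    return sorted(result, key=lambda g: (-LEVELS[result[g]["combined"]], g))

if __name__ == "__main__":
    summary = assess(SAMPLE)
    for g in prioritize(summary):
        print(g, summary[g]["combined"], summary[g]["by_function"], len(summary[g]["gaps"]))
```

The `gaps` list keeps unassessed function and category pairs visible so that a missing rating is not silently read as Low.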

Check out this infographic for an overview of DIRM – Step 2: Conduct Initial Impact Assessment.

Gabriel Magarino – Senior Security Manager | IAM Evangelist - Experienced leader with over 20 years in the IT and cybersecurity industry, specializing in Identity & Access Management. Expert in Okta, One Identity, SailPoint (IdentityIQ & IdentityNow), OneLogin, Delinea, and CyberArk. Passionate about exploring IAM and emerging technologies, coaching, and training IAM teams. Holds a Master’s in Computer Science and multiple certifications, including Okta Professional & Administration, One Identity Architect & Instructor, SailPoint Identity Now, ITIL, Scrum Master, among others. Currently pursuing a PhD with a focus on Computer Science and Artificial Intelligence.