Professional Documents
Culture Documents
Risk Assesments
Risk Assesments
Risk assessment based on Numeric values(eg. Dollars), Asset value, Exposure Factor (percentage of
asset value lost when a negative incident occurs)
Single Loss Expectancy: how much loss is experienced during one negative Incident.
for eg. An asset generates 24000$ per day. Assume that we've got a risk of downtime,
whether due to a malicious attack or to some kind of failed hardware component. And from
past experiences, we have learned that on average, when our e-commerce website goes
down, on average, it's down for about three hours. So if we take three hours and divide it by
24 hours within a day, we get 12.5 as a percentage. That's our exposure factor. So we now
calculate that single loss expectancy by multiplying the two together 24,000 by 12.5.And we
said that that would be $3,000.
Annual Loss Expectancy (ALE): Total yearly cost ALE = SLE × ARO
Risk Register: Organization should have one or more risk register, usually qualitative in
nature.
Risk Heat Map (Colored maps)
Risk Matrix