
Quantitative Risk Assessment:

Risk assessment based on numeric values (e.g. dollars): asset value and exposure factor (the percentage of
asset value lost when a negative incident occurs).

Single Loss Expectancy (SLE): how much loss is experienced during one negative incident.

SLE = AV (Asset value) × EF (Exposure factor)

For example, an asset generates $24,000 per day. Assume there is a risk of downtime,
whether due to a malicious attack or to some kind of failed hardware component. From
past experience, we have learned that when our e-commerce website goes down, it is down
for about three hours on average. Dividing three hours by the 24 hours in a day gives
12.5%. That is our exposure factor. We now calculate the single loss expectancy by
multiplying the two together: $24,000 × 12.5% = $3,000.

Annual Rate Of Occurrence (ARO): expected number of yearly occurrences.

Annual Loss Expectancy (ALE): total yearly cost.

ALE = SLE × ARO

Qualitative Risk Assessment

Based on subjective opinion: threat likelihood, severity rating

• Risk Register: an organization should have one or more risk registers, usually qualitative in
nature.
• Risk Heat Map (colored maps)
• Risk Matrix
