5.2 Explain elements of the risk management process Flashcards

1
Q

Quantitative Risk Analysis Key Components

A
  • Exposure Factor (EF): Proportion of the asset lost in an event (0% to 100%).
  • Single Loss Expectancy (SLE): Asset Value × EF.
  • Annualized Rate of Occurrence (ARO): Frequency of threat per year.
  • Annualized Loss Expectancy (ALE): SLE × ARO.
2
Q

Risk Acceptance Methods

A
  • Exemption:
    • Organization doesn’t follow a rule at all.
    • Example: A small company is exempt from complex financial audits due to its size.
    • Risk: They miss out on audit insights, which could catch financial mistakes early.
  • Exception:
    • Organization bypasses a rule only in certain cases.
    • Example: During an emergency, a hospital allows single-factor login instead of multi-factor authentication.
    • Risk: Temporary vulnerability to unauthorized access during the exception period.
  • Summary:
    • Both methods involve accepting some risk.
    • Exemption skips the rule entirely, losing its safety.
    • Exception bends the rule temporarily, increasing risks for that specific situation.