ALE Flashcards

1
Q

SLE

A

Single Loss Expectancy (SLE) is the amount that would be lost in a single
occurrence of the risk factor. This is determined by multiplying the value of the
asset by an Exposure Factor (EF).

2
Q

EF

A

Exposure Factor is the percentage of the asset value that would be lost.

3
Q

ALE

A

Annualized Loss Expectancy (ALE)—the amount that would be lost over the course of a year.
This is determined by multiplying the SLE by the Annualized Rate of Occurrence (ARO).

4
Q

Risk Calculation

A

Risk is always calculated as Risk x likelihood.

5
Q

Quantitative risk assessment versus qualitative assessments

A

Assigns concrete values to risk factors

6
Q

Qualitative assessments

A

Seeks opinions and uses broad categorizations

7
Q

mission essential function (MEF)

A

A mission essential function (MEF) is one that cannot be deferred. This means
that the organization must be able to perform the function as close to continually as
possible, and if there is any service disruption, the mission essential functions must be
restored first.

8
Q

MTD

A

Maximum tolerable downtime (MTD) is the longest period of time that a
business function outage may occur for without causing irrecoverable business
failure. Each business process can have its own MTD, such as a range of minutes

9
Q

RTO

A

Recovery time objective (RTO) is the period following a disaster that an individual
IT system may remain offline. This represents the amount of time it takes to identify
that there is a problem and then perform recovery (restore from backup or switch
in an alternative system, for instance).

10
Q

RPO

A

Recovery Point Objective (RPO) is the amount of data loss that a system can
sustain, measured in time. That is, if a database is destroyed by a virus, an RPO of
24 hours means that the data can be recovered (from a backup copy) to a point not
more than 24 hours before the database was infected.
