Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

IT Management > Formulas for Quantitative Risk Management Analysis > Flashcards

Formulas for Quantitative Risk Management Analysis Flashcards

1
Q

How to calculate risk?

A

risk = threat * vulnerability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How to calculate total risk?

A

total risk = threats * vulnerabilities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What’s Exposure Factor (EF)?

A
  • percentage of loss that an organization would experience if a specific asset were violated by a realized risk
  • needs to be used as decimal value in formulas - percentage divided by 100%
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What’s Single Loss Expectancy (SLE)?

A
  • cost associated with a single realized risk against a specific asset
  • one-time loss figure
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

How to calculate SLE?

A

SLE = Asset Value (AV) * Exposure Factor (EF)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

If Asset Value is $100000 and the exposure factor (EF) is 30%, what would be the Single Loss Expectancy? (SLE)?

A
  • AV = $100000, EF = 30% (0.3)
  • 100000 * 0.3 = $30000
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is Annualized Rate of Occurrence (ARO)?

A
  • expected frequency with which a specific threat or risk will occur within a single year
  • watch for AROs longer than a year!
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What’s Annualized Loss Expectancy (ALE)?

A

possible yearly cost of all instances of a specific realized threat against a specific asset

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

How is Annualized Loss Expectancy (ALE) calculated?

A

ALE = Single Loss Expectancy (SLE) * Annualized Rate of Occurrence (ARO)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What’s the Annualized Loss Expectancy (ALE), if:
Office Building = $200000, Hurricane Damage Estimate: 50%, Hurricane Probability: 1x every 10 years

A

(200000 * 0.5) * 0.1 = $10000

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

When the Annualized Loss Expectancy (ALE) is calculated, what does it say?

A

the calculation means that the business shouldn’t spend more than the calculated price annually on the building protection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What’s Safeguard Evaluation (SE)?

A
  • answers the question whether safeguards are cost effective
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

How’s the Safeguard Evaluation (SE) calculated?

A

SE = (ALE before safeguard) - (ALE after safeguard) - (annual cost of safeguard)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What’s the Controls Gap (CG)?

A
  • the amount of risk reduced by implementing safeguards
  • amount of money saved
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

How’s residual risk calculated?

A

residual risk = (total risk) - (controls gap)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What are the six major elements of quantitative risk analysis?

A
  1. assign Asset Value (AV)
  2. calculate Exposure Factor (EF)
  3. calculate Single Loss Expectancy (SLE)
  4. assess the Annualized Rate of Occurence (ARO)
  5. derive the Annualized Loss Expectancy (ALE)
  6. peform cost/benefit analysis of countermeasures
17
Q

What question does the safeguard evaluation answer?

A

whether the safeguard being implemented is cost effective

18
Q

What do you need to know to be able to calculate Annualized Loss Excpectancy?

A

Single Loss Expectancy and Annualized Rate of Occurence

19
Q

Is there a formula for calculating Annualized Rate of Occurence?

A
  • no, but it should be converted to a decimal value
  • if an event is supposed to happen:
    • twice a year = ARO is 2
    • once in 10 years = ARO 1/10 = 0.1
    • once in 5 years = ARO 1/5 = 0.2
20
Q

If an insurance company has a deductible of $75,000 in the contract, what does it mean?

A

means that the company will cover damages above $75,000

21
Q

How is EF calculated?

A

by dividing the amount of damage by the asset value

22
Q

What is the best metric to compare relative risks and why?

A
  • annualized loss expectancy (ALE)
  • because it incorporates both the likelihood and the impact of those risks
23
Q

A standard quantitative risk analysis on a specific threat/vulnerability/risk relation was performed and possible countermeasures were selected. When performing the calculations again, which of the factors will change?

A
  • countermeasure primary affects the annualized rate of occurrence (ARO), because the countermeasure is designed to prevent (or mitigate or reduce) the occurrence of the risk, thus reducing its frequency per year
  • also possible that a countermeasure will also reduce the exposure factor (EF) or the amount of loss per incident, but this is not as common as ARO reduction
24
Q

A building itself is valued at $15 million.
Average hurricane would destroy approximately 50 percent of the building. What’s the SLE?

A

$7.5 million

25
Q

What does ROI stand for?

A

Return Of Investment

26
Q

To calculate the return investment for cloud infrastructure versus prior on-premises design, what elements are needed for the ROI calculation?

A
  • total cost of ownership for his on-premises design
  • total cost of cloud services that will be required to replace the on-premises systems for their design lifecycle
  • total cost of licensing and staffing required to make the move and operate the cloud environment

IT Management (10 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions