Qualitative and Quantitative Risk

Question 1

What type of methods are used for Qualitative Analysis?

Answer 1

Intuition, experience, and other methods to assign a risk value.

Question 2

What analysis method uses numerical and monetary values to calculate risk?

Answer 2

Quantitative analysis

Question 3

Which method of analysis can calculate a direct cost for each risk?

Answer 3

Quantitative analysis

Question 4

Define the Magnitude of Impact

Answer 4

An estimation of the amount of damage that a negative risk might achieve

Question 5

What are the three most common calculation methods used to calculate risk in security?

Answer 5

Single Loss Expectancy (SLE)
Annualized Rate of Occurrence (ARO)
Annualized Loss Expectancy (ALE)

Question 6

Define Single Loss Expectancy and state the formula

Answer 6

The cost associated with a threat that occurred. Essentially the amount lost if bad happens.

Asset Value (AV) * Exposure Factor (EF) = SLE

Question 7

Define Annualized Rate of Occurrence (ARO)

Answer 7

The number of times a year a threat will occur

Question 8

What is Annual Loss Expectancy?

Answer 8

The expected cost of realized threat over a given year.

Annual Loss Expectancy (ALE) = Single Loss Expectancy (SLE) * Annual Rate of Occurrence (ARO)

Question 9

Why is the ALE important?

Answer 9

It’s an important part of decision making.