Quantitative Risk Assessments Flashcards
What are Quantitative Risk Assessments?
Based on numeric values.
Asset value (AV)
Exposure factor (EF) - percentage of asset value lost when a negative incident occurs.
What is Single Loss Expectancy (SLE)?
How much loss is experienced during one negative incident? Multiply the asset value (AV) by the exposure factor (EF).
Asset value (AV) = $24,000
Exposure factor (EF) = 12.5%
$24,000 (AV) * 0.125 (EF) = $3,000 (SLE)
Quantitative Risk Assessment
Annualized Rate of Occurrence (ARO) - expected number of yearly occurrences. Example: 2-3 times per year.
Annualized Loss Expectancy (ALE) - total yearly cost of bad things happening. ALE = SLE x ARO
Qualitative Risk Assessments
Based on subjective opinions regarding:
* threat likelihood
* impact of realized threat
Threats are given a severity rating.
What is a Risk Register?
Organizations should have one (or more).
Centralized list of risks, severities, responsibilities, and mitigations.
Generally considered qualitative.
* example: severity or impact ratings
* occasionally includes hard numbers (%, $)
What is a Risk Heat Map?
Take risk severity levels and map visually by color.
What is a Risk Matrix?
Table of risk details similar to a heat map but without colors.