Section 6: Risk Assessments

Question 1

Quantitative

Answer 1

Use of numerical values to determine asset values and projected loss

Question 2

Qualitative

Answer 2

Use subjective judgment to determine asset values and projected loss

Question 3

Asset Value (AV)

Answer 3

How much an asset is worth or costs to repair/replace

Question 4

Exposure Factor (EF)

Answer 4

Percentage of potential loss

Question 5

Single Loss Expectancy (SLE)

Answer 5

Cost of a single loss of an asset
Calculated through AV * EF

Question 6

Annualized Rate of Occurrence (ARO)

Answer 6

Estimated number of a threat occurrence per year

Question 7

Annualized Loss Expectancy (ALE)

Answer 7

Cost of overall loss per year
Calculated through SLE * ARO

Question 8

Annual Cost of Safeguard (ACS)

Answer 8

Cost of a countermeasure for the asset

Question 9

Cost Benefit Analysis Formula

Answer 9

(ALE1 - ALE2) - ACS
ACS - safeguard is $30,000
ALE 1 - $150,000 prior to implementation of safeguard
ALE 2 - $45,000 after implementation of safeguard
ALE 1 - ALE 2 = $105,000
$105,000 - $30,000 = $75,000 total savings

Question 10

Delphi Technique

Answer 10

Anonymous survey process to encourage honest responses to help reach a consensus

Question 11

Hybrid Analysis

Answer 11

Combining quantitative and qualitative results to perform a risk analysis

Question 12

Security Control Assessment

Answer 12

Evaluate controls required to meet security objectives through system development

Question 13

Privacy Control Assessment Steps

Answer 13

Prepare - identify objective, scope, timeframe, etc
Develop - identify which controls will be tested, get approval
Conduct - assess controls, create report
Analyze - review findings, address gaps