A security analyst is performing a quantitative risk analysis.
The risk analysis should show the potential monetary loss each time a threat or event occurs.
Given this requirement, which of the following concepts would assist the analyst in determining this value? (Choose two.)
Click on the arrows to vote for the correct answer
A. B. C. D. E.BD.
The two concepts that would assist the analyst in determining the potential monetary loss each time a threat or event occurs are ALE and EF.
ALE = SLE * ARO
Where SLE (Single Loss Expectancy) is the amount of money that would be lost each time a threat occurs, and ARO (Annualized Rate of Occurrence) is the estimated frequency with which the threat is expected to occur in a year.
For example, if the SLE of a potential risk is $10,000 and the ARO is 0.1 (i.e., the threat is expected to occur once every 10 years), the ALE would be:
ALE = $10,000 * 0.1 = $1,000
Therefore, the ALE would be $1,000 per year.
EF = Asset Value Lost / Asset Value
For example, if the value of an asset is $100,000 and the potential loss due to a threat is $50,000, the EF would be:
EF = $50,000 / $100,000 = 0.5 or 50%
Therefore, the EF would be 50% of the asset value.
In conclusion, the ALE and EF concepts are important tools for performing a quantitative risk analysis and determining the potential monetary loss each time a threat or event occurs.