QUANTITATIVE RISK ASSESSMENT: YIELDMORE IT ASSET

Notes

1. Exposure Factor is the subjectively determined percentage of loss to a particular asset if the identified risk occurs.

2. Single Loss Expectancy (SLE) is the financial loss the organization will suffer if the particular risk occurs to identified assets. Single Loss Expectancy is calculated by multiplying the asset value by the exposure factor as shown:

Single Loss Expectancy = Asset Value x Exposure Factor

3. The Annualized Rate of Occurrence (ARO) refers to the frequency of the risks occurring in a year. This value is also assigned depending on the factors increasing the frequency of the risks occurring internally or externally.

4. Annualized Loss Expectancy (ALE) is the annual anticipated financial loss an organization will suffer on it information asset as a result of the risk occurring within the same year. It is this value that the management of YieldMore needs to monitor most to decide whether or not to take the necessary steps to mitigate the risk. One of the ways of justifying taking risk measures is to analyze the cost savings that will result from spending a certain amount of money on mitigating the risk. For instance, if it will cost the YieldMore $200 to install the antivirus to protect its email server from virus attack, then the cost savings will be the difference between the annualized loss expectancy and the cost of antivirus ($31,137.54- $ 200 = $30937.54). This is calculated by multiplying single loss expectancy by an annualized rate of occurrence as shown below:

Annualized Loss Expectancy (ALE) = Single Loss Expectancy (SLE) x Annualized Rate of Occurrence (ARO)