Risk Assessment

Question 1

Risk assessment

Answer 1

Focuses on evaluating the likelihood of identified threats exploiting weaknesses

Question 2

Likelihood

Answer 2

Describes the probability that an event will occur

Question 3

Impact

Answer 3

How disastrous the event would be if it were to happen

Question 4

Qualitative

Answer 4

Quality subjective opinion not hard or substantial facts. Involves assigning less precise values ( critical, high, medium, and low) to likelihood and impact
Should be completed first in risk assessment

Question 5

Quantitative

Answer 5

Quantity it’s a number
More precise and objective because it uses verifiable data to analyze the impact and likelihood of each risk

Question 6

Annualized loss expectancy(ALE)

Answer 6

What it cost every year if we do nothing
ALE = SLE * ARO

Question 7

Single Loss expectancy (SLE)

Answer 7

What does it cost if it happens once
SLE = AV * EF

Question 8

Asset Value (AV)

Answer 8

How much is the asset worth
Tangible and intangible

Question 9

Exposure Factor(EF)

Answer 9

Estimated percentage of loss to a specific asset if a specific threat is realized

Question 10

Annual Rate of Occurrence(ARO)

Answer 10

How often does this happen every year