The most difficult part of this entire process is risk identification. A risk is the likeliness of a threat actually leading to an incident. Predicting the chances of something being stolen or damaged is not an easy task. For the sake of budgeting a security program, risks can be quantified in money. The following formulas can aid in quantifying risks:
1.Single Loss Expectancy (SLE) = asset value x Exposure Factor (EF). ///
2.Annualized Loss Expectancy (ALE) = SLE x Annualized Rate of Occurrence (ARO).
0 Comments