Which of the following is true for Single loss expectancy (SLE), Annual rate of occurrence (ARO), and Annual loss expectancy (ALE)?

Which of the following is true for Single loss expectancy (SLE), Annual rate of occurrence (ARO),
and Annual loss expectancy (ALE)?

Which of the following is true for Single loss expectancy (SLE), Annual rate of occurrence (ARO),
and Annual loss expectancy (ALE)?

A.
ALE= ARO/SLE

B.
ARO= SLE/ALE

C.
ARO= ALE*SLE

D.
ALE= ARO*SLE

Explanation:

A quantitative risk assessment quantifies risk in terms of numbers such as dollar values. This
involves gathering data and then entering it into standard formulas. The results can help in
identifying the priority of risks. These results are also used to determine the effectiveness of
controls. Some of the terms associated with quantitative risk assessments are :
Single loss expectancy (SLE)-It refers to the total loss expected from a single incident. This
incident can occur when vulnerability is being exploited by threat. The loss is expressed as a dollar
value such as $1,000. It includes the value of data, software, and hardware. SLE = Asset value *
Exposure factor
Annual rate of occurrence (ARO)-It refers to the number of times expected for an incident to occur
in a year. If an incident occurred twice a month in the past year, the ARO is 24. Assuming nothing
changes, it is likely that it will occur 24 times next year. Annual loss expectancy (ALE)-It is the
expected loss for a year. ALE is calculated by multiplying SLE with ARO. Because SLE is a given
in a dollar value, ALE is also given in a dollar value. For example, if the SLE is $1,000 and the
ARO is 24, the ALE is $24,000.
ALE = SLE * ARO Safeguard value-This is the cost of a control. Controls are used to mitigate risk.
For example, antivirus software of an average cost of $50 for each computer. If there are 50

formulas and are not used in quantitative risk assessment.



Leave a Reply 0

Your email address will not be published. Required fields are marked *