Larry is in charge of presenting risk assessment calculations to his boss by the end of the week. He concludes that a server with heavy traffic has an annualized loss expectancy (ALE) of $15,000 with an annualized rate of occurrence (ARO) of 5. What is the servers single loss expectancy (SLE) value?
A.
$5,000
B.
$3,000
C.
$75,000
D.
$20,000
Explanation:
The ALE formula is used to determine the potential financial loss of a specific
asset based upon the likely threats that may be realized. The ALE calculation is as
follows: SLE x ARO = ALE. In this example:
ALE ($15,000) = ARO (5) x SLE ($3,000).
For anyone that is still confused on this one, it is not a straight forward calculation. You have to break out your algebra skills.
Basically, you have 2 known values, the ALE and the ARO, and you need to derive the SLE from it.
So instead of trying to find the SLE using the ‘normal’ equation of actual value x exposure factor; you need to deduce what the SLE is by dividing the ALE by ARO which will give you the missing piece, the SLE.
For the exam, I would strongly suggest that you write down 3 equations:
SLE = AV x EF
ALE = SLE x ARO
Residual risk = (Threat x Vuln x AV) x control gap
That way you have something to reference when these questions come up.
it was pretty straight forward question.
Hi Ravi, Please notice my comment “it is not a straight forward calculation” , not “it is not a straight forward calculation”
Yes, I agree, it was a very straight forward question. It was not however, an straight forward “calculation” that is in the books. My goal was to assist those whose brains do not naturally think that way.
Exam Tip – Pay very close attention to detail. Those sorts of assumptions ~will~ trip you up.
Admin :for the purpose of those that are not professional in the field you have to explain how you calculate SLE to be #3,000