Quantitative risk

This method of analysis tries to put in some numbers so that there are some analytical values to identify the risks involved.

Let's discuss the terminologies involved in the risk calculation:

• Asset Value (AV): The cost of an asset. For example, a router is an asset and the cost to purchase, install, and maintain it would be referred to as the asset value for the router.
• Exposure Factor (EF): The amount the loss could have incurred on an asset. For example, the risk assessment team might check the EF due to a natural catastrophe affecting the server farm and at what percentage.
• Single Loss Expectancy (SLE): The single instance of a threat on an asset and the loss incurred from it.

Mathematically, SLE is equal to AV*EF.

• Annualized Rate of Occurrence (ARO): The rate of the threat occurrence on a per-annum basis.
• Annualized Loss Expectancy (ALE): The loss to the organization due to a threat occurring on a per-annum basis

Mathematically ALE is equal to ARO * SLE.