Friday, 15 December 2006

SSCP: Quantitative Risk Analysis

Here are some terms and calculations for Quantitative Risk Analysis as used with the Risk, Response and Recovery Domain of the SSCP CBK.

EXPOSURE FACTOR
(EF)
(Percentage, %)
Proportion of the Asset Value Harmed or Lost in a Presumed Successful Attack/Threat

SINGLE LOSS EXPECTANCY
(SLE)
(£ Monetary Value)
SLE = ASSET VALUE * EF

ANNUAL RATE OF OCCURRENCE
(ARO)
(Probability)
Probability of the Risk Occurring in a Year; 1.0 = Guaranteed to Happen

ANNUAL LOSS EXPECTANCY
(ALE)
(£ Monetary Value)
ALE = ARO * SLE

RETURN ON INVESTMENT
(ROI)
(Multiply by 100 for ROI %)
ROI = Annualised Cost of Countermeasures (Risk Mitigation) / ALE

"The best way to keep one's word is not to give it." - Napoleon Bonaparte
