Which of the following provides the BEST risk calculation methodology?

A. Annual Loss Expectancy (ALE) x Value of Asset
B. Potential Loss x Event Probability x Control Failure Probability
C. Impact x Threat x Vulnerability
D. Risk Likelihood x Annual Loss Expectancy (ALE)

Answer: B

Explanation:

Of the options given, the BEST risk calculation methodology would be Potential Loss x Event Probability x Control Failure Probability. This exam is about computer and data security, so the ‘loss’ caused by a risk is not necessarily a monetary value.

For example:

Potential Loss could refer to the data lost in the event of a data storage failure.

Event Probability could be the risk of a disk drive or drives failing.

Control Failure Probability could be the risk of the storage RAID not being able to handle the number of failed hard drives without losing data.

Incorrect Answers:

A: Annual Loss Expectancy (ALE) is a monetary value used to calculate how much is expected to be lost in one year. For example, if the cost of a failure (Single Loss Expectancy (SLE)) is $1000 and the failure is expected to happen 5 times in a year (Annualized Rate of Occurrence (ARO)), then the Annual Loss Expectancy is $5000. ALE is not the best calculation for I.T. risk calculation.

C: Impact x Threat x Vulnerability looks like a good calculation at first glance. However, for a risk calculation there needs to be a definition of the likelihood (probability) of the risk.

D: Annual Loss Expectancy (ALE) is a monetary value used to calculate how much is expected to be lost in one year. ALE is not the best calculation for I.T. risk calculation.
