Please enable JavaScript.
Coggle requires JavaScript to display documents.
2a - Quantitative risk analysis - Coggle Diagram
2a - Quantitative risk analysis
Inventory assets and assign an asset value (AV)
Produce a list of all possible threats to each individual asset
For each asset-threat pairing,
calculate the exposure factor (EF)/loss potential
Percentage of loss that an organization would experience if a specific asset were violated by a realized risk
Can be calculated via historical internal data, statistical analysis, consulting public or subscription risk ledgers/registers, working with consultants, or using a risk management software solution
Calculate the Single Loss Expectancy (SLE) for each asset-threat pairing
SLE = AV x EF
Perform a threat analysis to calculate the likelihood of each threat being realized in a single year: annualized rate of occurence (ARO)
Expected frequency with which a specific threat or risk will occur within a single year
Can be calculated via historical internal data, statistical analysis, consulting public or subscription risk ledgers/registers, working with consultants, or using a risk management software solution
Derive the overall loss potential per threat by calculating the annualized loss expectancy (ALE)
Possible yearly loss of all instances of a specific realized threat against a specific asset
ALE = SLE x ARO = AV x EF x ARO
Research countermeasures for each threat and then calculate the changes to ARO, EF, and ALE based on an applied countermeasure
Perform a cost/Benefit analysis of each countermeasure for each threat for each asset. Select the most appropriate response to each threat.
Calculate Annual Cost of the Safeguard (ACS)
Cost of purchase, development, licensing
Cost of implementation and customization
Cost of annual operation, maintenance, administration
Cost of annual repairs and upgrades
Productivity improvement or loss
Changes to environment
Cost of testing and evaluation
Value of the safeguard = (ALE pre-safeguard - ALE post-safeguard) - ACS
If value of safeguard < 0, bad choice, else good choice