Risk assessment that gives a numerical (typically monetary) value to the impact of a threat occuring.
How much money could be lost at any one time which is determined by the formula: AV * EF + SLE
How much an asset is worth.
The amount of the asset that would be impacted (amount of time, % of data, etc) by a threat event.
How much can be expected to be lost in a year due to a single threat event which is determined by the formula: SLE * ARO = ALE
How often a threat event per year (typically determined by historical data).
Risk assessment that defines an event’s level of risk in words rather than numbers which is determined by the potential level of impact and the likelihood of occurrence.
Risk response that removes the risk by avoiding the behavior completely.
Risk response that shares the responsibility of the risk with someone else.
Risk response that accepts the risk as is.
Risk response that takes steps to avoid the risk or minimize the impact or likelihood.
