Filed under CISSP.

  • Quantitative Analysis (ALE = SLE × ARO)
    • ALE = Annualized Loss Expectancy (A dollar amount that estimates the loss potential from a risk over a span of one year)
    • SLE = Single Loss Expectancy (A dollar amount that is assigned to a single event that represents the company’s potential loss)
    • ARO = Annualized Rate of Occurrence (Frequency of a threat expected to occur in a period of one year)

  • Qualitative Analysis (Delphi Method)
  • Quantitative vs. Qualitative (Pros & Cons)
  • Protection Mechanisms/Countermeasures Selection
  • Total Risk vs. Residual Risk
  • Risk Control Strategies


Risk Control Strategies

  • Avoidance
    • Apply safeguards that eliminate or reduce the remaining uncontrolled risks for a particular vulnerability.
  • Transfer
    • Transfer risks to outside entities or other areas of the organization.
  • Acceptance
    • Understand the consequences and accept risk.
  • Mitigation
    • Put controls in place to reduce the impact should vulnerabilities be exploited.



