CISSP Security & Risk Management-Risk Analysis
- Quantitative Analysis (ALE=SLE x ARO)
- ALE = Annualized Loss Expectancy (A dollar amount that estimates the loss potential from a risk in a span of year)
- SLE = Single Loss Expectancy (A dollar amount that is assigned to a single event that represents the company’s potential loss)
- ARO = Annualized Rate of Occurrence (Frequency of a threat expected to occur in a period of one year)
- Qualitative Analysis (Delphi Method)
- Quantitative vs. Qualitative (Pros & Cons)
- Protection Mechanisms/Countermeasures Selection
- Total Risk vs. Residual Risk
- Risk Control Strategies
Risk Control Strategies
- Avoidance
- Apply safeguards that eliminate or reduce the remaining uncontrolled risks for a particular vulnerability.
- Transfer
- Transfer risks to outside entities or other areas of the organization.
- Acceptance
- Understand the consequences and accept risk.
- Mitigation
- Putting in place some controls to reduce impact should vulnerabilities be exploited
To Become Certified For CISSP Please Visit This Link;
Also published on Medium.