Risk Assessment
Once you’ve identified the threats and vulnerabilities facing an organization, you should turn to a formal risk assessment process that identifies the priority of addressing each risk. You may choose to do this by performing either a quantitative or qualitative risk assessment.
NOTE
You calculate ALE by multiplying the SLE by the ARO with the following formula:
ALE = SLE × ARO
Using the database with 1,000 records discussed above as an example, the SLE is $50,000. If we expect that the database will be compromised twice per year, the ARO is 2, and the ALE is $100,000:
$50,000 × ...
Get Access Control and Identity Management, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
