Selecting a Methodology Based on Assessment Needs

Once the elements have been individually identified and evaluated, the associated risk needs to be calculated. The two primary methodologies that can be used are:

  • Quantitative risk assessment
  • Qualitative risk assessment

Quantitative Method

The quantitative method uses predefined formulas. The collected data is used to identify the following values:

  • Exposure factor (EF)—The EF describes the loss that will happen to an asset as a result of a threat and is expressed as a percentage value.
  • Single loss expectancy (SLE)—The SLE is the expected loss for any single incident. It is expressed in monetary terms, such as $1,000. The asset value (AV) multiplied by the EF equals the SLE.
  • Annual rate ...
