Read this page and watch the video to learn more about the purpose of risk management and the four stages of the risk management process. Before you move on, make sure you have a good understanding of the formulas, and that you are able to use the formulas on this page to calculate single loss expectancy (SLE), annual rate of occurrence (ARO), and annual loss expectancy (ALE).
Key Terms
| Term | Definition |
| --- | --- |
| Risk management | The process of identifying, assessing, and prioritizing organizational risk |
| Risk | The potential of losing something that is of value to an organization |
| Risk assessment | The process of analyzing risk |
| Risk analysis | Uses information to identify possible sources of risk and to identify threats or events that could have a harmful impact |
| Countermeasures | A measure taken to counter or offset a threat |
| Threat | A danger that exploits a vulnerability to breach security |
| Security controls | Safeguards or countermeasures implemented to minimize security risks |
| Compliance | Obligations to external authorities and information security reviews |
| Asset | Any resource, product, system, process, or any other organizational resource that has value to an organization |
| Tangible assets | Assets that have a physical presence and an identifiable value |
| Intangible assets | Assets that are not physical but still represent a value to the organization’s image, its operations, and the ability to compete in the market |
| Quantitative Risk Analysis | A type of risk analysis that assigns independent, objective, numeric monetary values to the elements of risk assessment and the assessment of potential losses |
| Single Loss Expectancy (SLE) | The estimate of the amount of damage that an asset will suffer due to a single incident |
| Exposure Factor (EF) | The potential percentage of loss to a specific asset if a particular threat is realized. This is regarded as a subjective measure |
| Annual Rate of Occurrence (ARO) | The number of times per year that an incident is likely to occur |
| Annual Loss Expectancy (ALE) | The yearly financial impact to the organization from a particular risk |
| Qualitative Risk Analysis | Evaluates the impact or effect of threats on the business process or the goals of the organization with a scenario-oriented, carefully reasoned risk assessment |
| Risk mitigation | Reducing the severity of a loss or the likelihood of the loss occurring |
| Risk Exposure | A quantifiable loss potential |