Risk Management

Read this page and watch the video to learn about the purpose of risk management and the four stages of the risk management process. Before you move on, make sure you understand the formulas on this page and can use them to calculate single loss expectancy (SLE), annual rate of occurrence (ARO), and annual loss expectancy (ALE).

Key Terms

| Term | Definition |
|------|------------|
| Risk management | The process of identifying, assessing, and prioritizing organizational risk |
| Risk | The potential of losing something that is of value to an organization |
| Risk assessment | The process of analyzing risk |
| Risk analysis | Uses information to identify possible sources of risk and the threats or events that could have a harmful impact |
| Countermeasures | Measures taken to counter or offset a threat |
| Threat | A danger that exploits a vulnerability to breach security |
| Security controls | Safeguards or countermeasures implemented to minimize security risks |
| Compliance | Obligations to external authorities and information security reviews |
| Asset | Any resource, product, system, process, or other organizational resource that has value to an organization |
| Tangible assets | Assets that have a physical presence and an identifiable value |
| Intangible assets | Assets that are not physical but still represent value to the organization's image, its operations, and its ability to compete in the market |
| Quantitative Risk Analysis | Risk analysis that assigns independent, objective, numeric monetary values to the elements of the risk assessment and to the potential losses |
| Single Loss Expectancy (SLE) | The estimated amount of damage that an asset will suffer from a single incident |
| Exposure Factor (EF) | The potential percentage of loss to a specific asset if a particular threat is realized; regarded as a subjective measure |
| Annual Rate of Occurrence (ARO) | The number of times per year that an incident is likely to occur |
| Annual Loss Expectancy (ALE) | The yearly financial impact to the organization from a particular risk |
| Qualitative Risk Analysis | Evaluates the impact or effect of threats on the business process or the goals of the organization with a scenario-oriented, carefully reasoned risk assessment |
| Risk mitigation | Reducing the severity of a loss or the likelihood of the loss occurring |
| Risk Exposure | A quantifiable loss potential |
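The page refers to the SLE, ARO and ALE formulas without reproducing them. The standard quantitative risk analysis formulas behind the terms above are SLE = asset value (AV) x exposure factor (EF) and ALE = SLE x ARO. The Python below is an added worked example, not part of the original page or course material: it computes SLE and ALE for a few risk scenarios, ranks them by ALE so the most costly risks are prioritized first, and estimates whether a countermeasure is worth its annual cost. All asset values, exposure factors, rates and control costs are constructed sample numbers, and the `countermeasure_value` helper (net annual benefit of a control, i.e. ALE reduction minus the control's yearly cost) is an addition here, not a formula from the page.

```python
"""Quantitative risk analysis: SLE, ALE, ranking and countermeasure cost-benefit.

Added worked example (not from the original page). Formulas used:
    SLE = AV * EF      single loss expectancy = asset value * exposure factor
    ALE = SLE * ARO    annual loss expectancy = SLE * annual rate of occurrence
All numbers in SAMPLE_SCENARIOS are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskScenario:
    asset: str
    threat: str
    asset_value: float       # AV, in currency units
    exposure_factor: float   # EF, fraction of the asset lost per incident (0.0 to 1.0, subjective)
    aro: float               # ARO, expected incidents per year (0.1 means once every ten years)


def single_loss_expectancy(asset_value, exposure_factor):
    """SLE = AV * EF. Rejects an EF outside 0..1 or a negative asset value."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    if asset_value < 0:
        raise ValueError("asset value cannot be negative")
    return asset_value * exposure_factor


def annual_loss_expectancy(sle, aro):
    """ALE = SLE * ARO. ARO may be fractional but not negative."""
    if aro < 0:
        raise ValueError("annual rate of occurrence cannot be negative")
    return sle * aro


def scenario_ale(scenario):
    """Chain the two formulas for one RiskScenario."""
    sle = single_loss_expectancy(scenario.asset_value, scenario.exposure_factor)
    return annual_loss_expectancy(sle, scenario.aro)


def rank_by_ale(scenarios):
    """Return (scenario, ALE) pairs sorted from highest to lowest ALE.

    This is the 'prioritizing' step of risk management: spend mitigation
    effort on the risks with the largest expected yearly loss first.
    """
    return sorted(((s, scenario_ale(s)) for s in scenarios),
                  key=lambda pair: pair[1], reverse=True)


def countermeasure_value(ale_before, ale_after, annual_control_cost):
    """Net annual benefit of a countermeasure (helper assumed for this example).

    Positive: the control reduces expected loss by more than it costs per year.
    Negative: the control costs more than the risk it removes.
    """
    return (ale_before - ale_after) - annual_control_cost


# Constructed sample scenarios; none of these figures come from the page.
SAMPLE_SCENARIOS = [
    RiskScenario("customer database", "ransomware",
                 asset_value=500_000, exposure_factor=0.6, aro=0.5),
    RiskScenario("web storefront", "DDoS outage",
                 asset_value=200_000, exposure_factor=0.25, aro=2.0),
    RiskScenario("office laptops", "theft",
                 asset_value=40_000, exposure_factor=1.0, aro=0.1),
]

if __name__ == "__main__":
    for scenario, ale in rank_by_ale(SAMPLE_SCENARIOS):
        sle = single_loss_expectancy(scenario.asset_value, scenario.exposure_factor)
        print(f"{scenario.asset:18} {scenario.threat:12} SLE={sle:>10,.0f}  ALE={ale:>10,.0f}")
    # Hypothetical control: backups plus segmentation cut the ransomware EF from
    # 0.6 to 0.12 (ALE 150,000 -> 30,000) at a constructed cost of 50,000 per year.
    print("net benefit of ransomware control:",
          countermeasure_value(150_000, 30_000, 50_000))
```

Running the block ranks the ransomware scenario first (ALE 150,000), then the storefront outage (100,000), then laptop theft (4,000), and reports a net benefit of 20,000... wait, see the code: 150,000 minus 30,000 minus 50,000 gives 70,000 per year for the hypothetical control, so it pays for itself. A fractional ARO is the usual way to express a threat that occurs less than once a year, which is why the helpers accept it.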