
2. Identify threats to the asset.
3. Determine the exposure factor (EF) for each information asset in relation to each threat.
4. Calculate the single loss expectancy (SLE).
5. Calculate the annualized rate of occurrence (ARO).
6. Calculate the annualized loss expectancy (ALE).
The advantage of a quantitative risk assessment is that it assigns dollar values, which management finds easy to work with and understand. Its disadvantage is that same dependence on dollar amounts: it is difficult, if not impossible, to assign a dollar value to every element, so some qualitative measures must be applied to quantitative elements. Even then, this is a huge undertaking; therefore, a quantitative assessment is usually performed with the help of automated software tools. Assuming that asset values have been determined as previously discussed and threats have been identified, the next steps in the process are as follows:
STEP BY STEP
2.1 Quantitative Risk Assessment
1. Determine the exposure factor—The exposure factor is a subjective estimate of the percentage of a specific asset's value that would be lost if a specific threat is realized. It is expressed as a percentage, much as weather reports express the likelihood of weather conditions.
2. Calculate the single loss expectancy (SLE)—The SLE is a dollar figure that represents the organization's loss from a single occurrence of the threat against this particular information asset. SLE is calculated as follows:
Single Loss Expectancy = Asset Value × Exposure Factor
Items to consider when calculating the SLE include the physical destruction or theft of assets, loss of data, theft of information, and threats that might delay processing.
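The following is an added worked example, not code from the book, that carries steps 3 through 6 of the procedure through for a small constructed table of asset/threat pairs. It uses the SLE formula given above and the standard definition ALE = SLE × ARO for the annualized loss expectancy (the ALE formula itself is not printed in this excerpt). The asset names, dollar values, exposure factors and occurrence rates are all constructed sample inputs.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskScenario:
    """One asset paired with one threat (constructed sample record)."""
    asset: str
    asset_value: float       # AV: replacement/business value in dollars
    threat: str
    exposure_factor: float   # EF: fraction of AV lost per incident, 0.0 to 1.0
    aro: float               # ARO: expected incidents per year (0.02 = once in 50 years)


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = Asset Value x Exposure Factor, rounded to cents.

    EF is a subjective percentage, so reject values outside 0..1 rather than
    silently producing a loss larger than the asset itself.
    """
    if asset_value < 0:
        raise ValueError("asset value must be non-negative")
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0.0 and 1.0")
    return round(asset_value * exposure_factor, 2)


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO (standard definition), rounded to cents."""
    if aro < 0:
        raise ValueError("annualized rate of occurrence must be non-negative")
    return round(sle * aro, 2)


def assess(scenario: RiskScenario) -> dict:
    """Steps 3-6 for one asset/threat pair."""
    sle = single_loss_expectancy(scenario.asset_value, scenario.exposure_factor)
    ale = annualized_loss_expectancy(sle, scenario.aro)
    return {"asset": scenario.asset, "threat": scenario.threat, "sle": sle, "ale": ale}


def rank_by_ale(scenarios: list) -> list:
    """Assess every pair and order them by annual expected loss, largest first.

    Ranking on ALE rather than SLE is the point of the exercise: a rare,
    catastrophic event can rank below a frequent, cheap one.
    """
    return sorted((assess(s) for s in scenarios), key=lambda r: r["ale"], reverse=True)


# Constructed sample inputs; the numbers are illustrative only.
SAMPLE_SCENARIOS = [
    RiskScenario("public web server", 100_000, "DDoS outage", 0.25, 2.0),
    RiskScenario("customer database", 500_000, "data breach", 0.60, 0.1),
    RiskScenario("field laptop", 2_000, "theft", 1.00, 3.0),
    RiskScenario("data center", 2_000_000, "flood", 0.40, 0.02),
]

if __name__ == "__main__":
    for row in rank_by_ale(SAMPLE_SCENARIOS):
        print(f"{row['asset']:<18} {row['threat']:<12} SLE=${row['sle']:>12,.2f} ALE=${row['ale']:>10,.2f}")
```

In the sample table the flood has by far the largest single loss expectancy ($800,000) but, at one expected occurrence every 50 years, the smallest-but-one ALE, while the frequent DDoS outage tops the ranking. That is the kind of result management should see before deciding which risks to reduce, assign or accept.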
Chapter 2: IT Governance
FIGURE 2.5 The risk-assessment process. [Figure not reproduced; its labels are Threat, Vulnerability, Impact or Loss, Single Loss Expectancy and Annualized Risk, with the response options Reduce Risk, Assign Risk and Accept Risk.]
Risk Identification and Management

3. Included in the final inventory schedule.

 
40. An internal control questionnaire indicates that an approved receiving report is required to accompany every check request for payment of merchandise. Which of the following procedures provides the greatest assurance that this control is operating effectively?
A. Select and examine receiving reports and ascertain that the related canceled checks are dated no earlier than the receiving reports.
B. Select and examine receiving reports and ascertain that the related canceled checks are dated no later than the receiving reports.
C. Select and examine canceled checks and ascertain that the related receiving reports are dated no earlier than the checks.
D. Select and examine canceled checks and ascertain that the related receiving reports are dated no later than the checks.

41. A client's physical count of inventories was higher than the inventory quantities per the perpetual records. This situation could be the result of the failure to record:
A. Sales.
B. Sales discounts.
C. Purchases.
