To answer these, let us look at the six major elements of Quantitative Risk Analysis below.

Asset Value (AV) – How much is the asset worth?

Exposure Factor (EF) – What percentage of the asset value is lost?

Single Loss Expectancy (SLE) – (AV x EF) – What does it cost if it happens once?

Annual Rate of Occurrence (ARO) – How often will this happen each year?

Annualised Loss Expectancy (ALE1) without safeguard – (SLE x ARO) – This is what it costs per year if we do nothing.

Annualised Loss Expectancy (ALE2) post safeguard – (SLE x ARO) – This is what it costs per year if we put a countermeasure in place.

The annual cost of Safeguard (ACS)

Cost-Benefit Analysis: if (ALE1 - ALE2 - ACS) > 0, the safeguard is a good choice; otherwise it is not a good choice financially.

Total Cost of Ownership (TCO) – The mitigation cost: upfront + ongoing price (Normally Operational)

Let's understand these mathematical formulas of quantitative risk analysis with the case study below.

Case Study: Data Center

Suppose Company XYZ's data center is valued at 100,000,000 USD, i.e. AV = 100,000,000 USD.

The data center is at risk from a natural calamity such as flooding, i.e. Threat = Flooding.

If a flood happens, 15% of the DC is compromised, i.e. EF = 15%.

Loss per flooding, i.e. SLE = AV x EF = 100,000,000 x 15% = 15,000,000 USD.

The flooding happens once in 5 years, i.e. ARO = 0.20.

Hence the loss per year because of flooding would be ALE = SLE x ARO = 15,000,000 x 0.20 = 3,000,000 USD.
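The case study stops at ALE1. The added example below (not part of the original post) carries it through the cost-benefit step and ranks two candidate safeguards. The `Risk` class, the function names and both safeguards' EF, ARO and ACS figures are constructed assumptions; only the flooding figures come from the case study.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class Risk:
    av: int          # Asset Value (USD)
    ef: Fraction     # Exposure Factor, as a fraction between 0 and 1
    aro: Fraction    # Annual Rate of Occurrence

    def __post_init__(self):
        # Reject inputs that would silently produce a meaningless ALE.
        if not 0 <= self.ef <= 1:
            raise ValueError("EF must be between 0 and 1")
        if self.av < 0 or self.aro < 0:
            raise ValueError("AV and ARO must be non-negative")

    @property
    def sle(self):   # Single Loss Expectancy = AV x EF
        return self.av * self.ef

    @property
    def ale(self):   # Annualised Loss Expectancy = SLE x ARO
        return self.sle * self.aro


def safeguard_value(before, after, acs):
    """ALE1 - ALE2 - ACS; a positive result means the safeguard is worth it."""
    return before.ale - after.ale - acs


def rank_safeguards(before, options):
    """options maps name -> (Risk with safeguard, ACS); best value first."""
    scored = [(name, safeguard_value(before, after, acs))
              for name, (after, acs) in options.items()]
    return sorted(scored, key=lambda item: item[1], reverse=True)


# Figures from the case study: data center exposed to flooding.
FLOOD = Risk(av=100_000_000, ef=Fraction(15, 100), aro=Fraction(1, 5))

# Constructed safeguard figures (assumptions, not from the page).
OPTIONS = {
    "flood barrier": (Risk(100_000_000, Fraction(5, 100), Fraction(1, 5)), 500_000),
    "relocate site": (Risk(100_000_000, Fraction(15, 100), Fraction(1, 50)), 3_000_000),
}

if __name__ == "__main__":
    print(f"SLE = {int(FLOOD.sle):,} USD, ALE1 = {int(FLOOD.ale):,} USD")
    for name, value in rank_safeguards(FLOOD, OPTIONS):
        verdict = "good" if value > 0 else "not a good choice financially"
        print(f"{name}: {int(value):,} USD per year -> {verdict}")
```

The barrier lowers EF and the relocation lowers ARO; the relocation removes more annual loss, but its ACS outweighs the reduction.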

Some other examples are summarized in the table below.
