Quantitative risk analysis is done in 6 steps.
- Assign Asset Value (AV)
- Calculate Exposure Factor (EF)
- Calculate Single Loss Expectancy (SLE)
- Assess the annualised rate of occurrence (ARO)
- Derive the annualised loss expectancy (ALE)
- Perform cost/benefit analysis of countermeasures
Exposure Factor (EF) represents the percentage of loss when an asset is violated.It can also be called as loss potential. Expressed in percentage.
Single Loss Expectancy (SLE) is the monetary value of loss for a single realised risk against an asset. EF is needed to calculate SLE. Expressed in dollar value.
SLE = Asset Value(AV) * Exposure Factor (EF)
Annualised Rate of Occurrence (ARO) is the expected frequency of occurrence for a risk or threat within a year.
Annualised Loss Expectancy (ALE) is the possible yearly cost of all occurrences of a threat against a specific asset.
ALE = SLE * ARO