What can be described as a measure of the magnitude of loss or impact on the value of an asset?

A.
Probability

B.
Exposure factor

C.
Vulnerability

D.
Threat

Explanation:
The Exposure Factor (EF) is a measure of the magnitude of loss or impact (usually as a percentage) on the
value of an asset. It is used for calculating the Single Loss Expectancy (SLE) which in turn is used to calculate
the Annual Loss Expectancy (ALE).
The Single Loss Expectancy (SLE) is a dollar amount that is assigned to a single event that represents the
company’s potential loss amount if a specific threat were to take place. The equation is laid out as follows:
Asset Value × Exposure Factor (EF) = SLE
The exposure factor (EF) represents the percentage of loss a realized threat could have on a certain asset. For
example, if a data warehouse has the asset value of $150,000, it can be estimated that if a fire were to occur,
25 percent of the warehouse would be damaged, in which case the SLE would be $37,500:
Asset Value ($150,000) × Exposure Factor (25%) = $37,500
Incorrect Answers:
A: Probability is the likelihood of something happening. This is not what is described in the question.
C: A vulnerability is the absence or weakness of a safeguard that could be exploited. This is not what is
described in the question.
D: A threat is any potential danger that is associated with the exploitation of a vulnerability.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 87