Which answer below is the BEST description of a Single Loss Expectancy (SLE)?
A.
An algorithm that determines the expected annual loss to an organization from a threat
B.
An algorithm that represents the magnitude of a loss to an asset from a threat
C.
An algorithm used to determine the monetary impact of each occurrence of a threat
D.
An algorithm that expresses the annual frequency with which a threat is expected to occur
Explanation:
The correct answer is “An algorithm used to determine the monetary impact of each occurrence of a
threat”. The Single Loss Expectancy (or Exposure) figure may be created as a result of a Business
Impact Assessment (BIA). The SLE represents only the estimated monetary loss of a single
occurrence of a specified threat event. The SLE is determined by multiplying the value of the asset by
its exposure factor. This gives the expected loss the threat will cause for one occurrence. Answer a
describes the Exposure Factor (EF). The EF is expressed as a percentile of the expected value or
functionality of the asset to be lost due to the realized threat event. This figure is used to calculate
the SLE, above. Answer “An algorithm that expresses the annual frequency with which a threat is
expected to occur” describes the Annualized Rate of Occurrence (ARO). This is an estimate of how
often a given threat event may occur annually. For example, a threat expected to occur weekly
would have an ARO of 52. A threat expected to occur once every five years has an ARO of 1/5 or .2.
This figure is used to determine the ALE. Answer d describes the Annualized Loss Expectancy (ALE).
The ALE is derived by multiplying the SLE by its ARO. This value represents the expected risk factor of
an annual threat event. This figure is then integrated into the risk management process.