Which answer below is the BEST description of a Single Loss
Expectancy (SLE)?
A.
An algorithm that determines the expected annual loss to an
organization from a threat
B.
An algorithm that represents the magnitude of a loss to an asset
from a threat
C.
An algorithm used to determine the monetary impact of each
occurrence of a threat
D.
An algorithm that expresses the annual frequency with which a
threat is expected to occur
Explanation:
The correct answer is “An algorithm used to determine the monetary impact of each
occurrence of a threat”. The Single Loss Expectancy (or Exposure)
figure may be created as a result of a Business Impact Assessment
(BIA). The SLE represents only the estimated monetary loss of a single
occurrence of a specified threat event. The SLE is determined by
multiplying the value of the asset by its exposure factor. This gives
the expected loss the threat will cause for one occurrence.
Answer a describes the Exposure Factor (EF). The EF is expressed
as a percentile of the expected value or functionality of the asset to be
lost due to the realized threat event. This figure is used to calculate
the SLE, above.
Answer “An algorithm that expresses the annual frequency with which a
threat is expected to occur” describes the Annualized Rate of Occurrence (ARO).
This is an estimate of how often a given threat event may occur annually.
For example, a threat expected to occur weekly would have an
ARO of 52. A threat expected to occur once every five years has an
ARO of 1/5 or .2. This figure is used to determine the ALE.
Answer d describes the Annualized Loss Expectancy (ALE). TheALE is derived by multiplying the SLE by its ARO. This value represents
the expected risk factor of an annual threat event. This figure is
then integrated into the risk management process.