You are analyzing risk using a quantitative approach. Which of the following is used to evaluate risk? (Wentz QOTD)
A. The value of the asset (AV)
B. Annualized rate of occurrence (ARO)
C. Exposure factor (EF)
D. Risk exposure
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. Risk exposure.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
ALE = SLE * ARO = (AV * EF) * ARO
The annualized loss expectancy (ALE) is a quantitative form of risk exposure. AV, EF, SLE, and ARO are parameters of the ALE.
Reference
您正在使用定量方法分析風險。 以下哪項用於評估風險? (Wentz QOTD)
A. 資產價值(AV)
B. 年發生率(ARO)
C. 暴露因子(EF)
D. 風險暴露(Risk exposure)