There are two methods to doing this: qualitative and quantitative. Qualitative does not assign dollar values to components of the risk analysis.
A quantitative assessment process involves these three steps:
- Estimate potential losses – Single Loss Expectancy (SLE) = Asset Value x Exposure Factor.
- Conduct a threat analysis – the goal is to estame the Annual Rate of Occurrence (ARO). This number value represents how many times the event is expected to happen in one year.
- Determine Annual Loss Expectancy (ALE) – this formula is calculated as follows: ALE = Single Loss Expectancy (SLE) x Annual Rate of Occurrence (ARO)