Provide an example of a measurement used in quantitative information security risk analysis.
What challenges are involved in calculating such a measurement?
Example:
For an order that needed to be delivered three days later, 1,000 inventory items were set on fire, worth $50,000.
Asset value=50000 Exposure factor=50%
1. SLE= Asset value × Exposure factor
SLE=25000
2. ARO=0.5%
3. ACE=SLE×ARO
ACE=2.5
Challenge :The exact value of ARO is difficult to estimate.
Qian Wang says
Example:
For an order that needed to be delivered three days later, 1,000 inventory items were set on fire, worth $50,000.
Asset value=50000 Exposure factor=50%
1. SLE= Asset value × Exposure factor
SLE=25000
2. ARO=0.5%
3. ACE=SLE×ARO
ACE=2.5
Challenge :The exact value of ARO is difficult to estimate.