Annual Loss Expectancy (ALE) quantifies a risk event’s expected financial impact and is derived from Single Loss Expectancy (SLE) × Annualized Rate of Occurrence (ARO).
CRISC guidance states:
“A well-defined risk event includes quantified impact analysis such as annual loss expectancy to facilitate prioritization and comparison.”
Chain-of-custody and KPIs are unrelated to defining risk events.
Hence, B is correct.
CRISC Reference: Domain 2 – IT Risk Assessment, Topic: Risk Quantification and Impact Analysis.