Assessing the security of a network always begins with a risk assessment plan. Cybersecurity risk assessment involves considering the assets you are trying to protect, the threats facing those assets, the vulnerabilities in your systems, and the measures you can take to protect your IT assets.
Several formulas exist for calculating risk. The most fundamental calculation is the Single Loss Expectancy (SLE), which represents what a single loss event would cost. This is calculated by multiplying the asset value (AV) by the exposure factor (EF). The exposure factor is a percentage that represents how much of an asset’s value would be lost in a given event. For example, according to insurance companies, a laptop that loses 20% of its value is worth only 80% of its original value in the event of loss or theft, and that amount is paid out.
Formula: SLE = AV × EF
Therefore, if a laptop is purchased for 800 TRY and loses 10% of its value annually — giving an exposure factor of 0.9 (90%) — the SLE for a stolen or lost laptop would be calculated as follows:
SLE = 800 (AV) × 0.9 (EF)
SLE = 720 TRY
The next formula is the Annualised Loss Expectancy (ALE), which indicates how much loss can be expected from a specific type of incident over the course of a year. The formula is SLE multiplied by the Annual Rate of Occurrence (ARO):
ALE = SLE × ARO
Continuing the laptop example, if you expect to lose six laptops per year, the calculation would be:
ALE = 720 (SLE) × 6 (ARO)
ALE = 4,320 TRY
As you can see, the mathematical calculation is actually quite straightforward. Another concept to understand is residual risk — essentially, how much risk remains after all steps have been taken to address a given risk. This also brings us back to the question of how to handle an identified risk.
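The SLE and ALE formulas above, applied to a small risk register and ranked by ALE, as an added example that is not part of the original article. The class and function names are hypothetical, the two non-laptop scenarios are constructed, and modelling residual risk as the ALE recomputed with a lower EF or ARO is an assumption, since the article gives no formula for it.

```python
from dataclasses import dataclass, replace
from decimal import Decimal


@dataclass(frozen=True)
class Scenario:
    name: str
    asset_value: Decimal      # AV, in TRY
    exposure_factor: Decimal  # EF, fraction of AV lost per event (0..1)
    aro: Decimal              # ARO, expected events per year

    def __post_init__(self):
        # Reject inputs that would silently produce a meaningless ALE.
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError(f"{self.name}: AV and ARO must be non-negative")
        if not Decimal(0) <= self.exposure_factor <= Decimal(1):
            raise ValueError(f"{self.name}: EF must be between 0 and 1")

    @property
    def sle(self) -> Decimal:  # SLE = AV x EF
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> Decimal:  # ALE = SLE x ARO
        return self.sle * self.aro


def rank_by_ale(scenarios):
    """Highest expected yearly loss first, to prioritise treatment."""
    return sorted(scenarios, key=lambda s: s.ale, reverse=True)


def residual_ale(scenario, *, ef_after=None, aro_after=None):
    """ALE left once a control lowers EF and/or ARO (assumed model)."""
    ef = scenario.exposure_factor if ef_after is None else Decimal(ef_after)
    aro = scenario.aro if aro_after is None else Decimal(aro_after)
    return replace(scenario, exposure_factor=ef, aro=aro).ale


REGISTER = [
    Scenario("Laptop lost or stolen", Decimal("800"), Decimal("0.9"), Decimal("6")),       # article's figures
    Scenario("File server ransomware", Decimal("50000"), Decimal("0.4"), Decimal("0.1")),  # constructed
    Scenario("Phone lost", Decimal("300"), Decimal("1"), Decimal("4")),                    # constructed
]

if __name__ == "__main__":
    for s in rank_by_ale(REGISTER):
        print(f"{s.name:<24} SLE={s.sle:>10.2f}  ALE={s.ale:>10.2f} TRY")
    print("Laptop residual ALE with ARO cut to 2:", residual_ale(REGISTER[0], aro_after="2"))
```

Monetary values are passed as `Decimal` strings so that figures such as 0.9 are not distorted by binary floating point.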