Single Loss Expectancy
08-14-2023 04:44 AM
Hi everyone!
I wanted to know the accuracy or reliability of the single loss expectancy (SLE) values, how they are found, and whether we have any set of criteria or way to verify their correctness...
Any related info will be appreciated!
Thanks in advance
08-15-2023 06:53 AM
Hi @aman_sharma_07 ,
If you're using classic risk, in the Default Scores section, fill in the fields.
| Field | Description |
|---|---|
| Inherent SLE | Single-loss expectancy (SLE) is the monetary value expected from the occurrence of a risk on an asset if there are no controls to check the event. |
| Residual SLE | Monetary value expected from the occurrence of a risk on an asset if there are controls to check the event. |

These values are filled in manually, in discussion with your organization's Compliance and Risk teams.
08-18-2023 10:32 PM
Hi @aman_sharma_07 ,
08-22-2023 05:15 AM
Hi @Community Alums ,
That was the correct definition of both SLEs, but I wanted to know if there exists any accuracy check on the value (especially for calculated ALE) with respect to the actual loss incurred.
08-22-2023 06:32 AM
Hi @aman_sharma_07 ,
Calculated ALE = Residual ALE + ((Inherent ALE - Residual ALE) * (Calculated Risk Factor / 100))
- Qualitative Inherent ALE = Inherent ARO x Inherent SLE
- Qualitative Inherent Score = Inherent Likelihood x Inherent Impact
- Quantitative Residual ALE = Residual ARO x Residual SLE
- Qualitative Residual Score = Residual SLE
When scoring is set to qualitative, the quantitative values are updated in the background.
The Calculated Score for risk is a read-only field designed to quickly assess a risk affecting the organization, and identify threats and areas of non-compliance.
If controls are implemented to mitigate risk, then
- Calculated ALE = Residual ALE + ((Inherent ALE - Residual ALE) * (Calculated Risk Factor / 100)).
- So: Calculated Score = Residual Score only if Compliance with the controls is 100%.
If the Calculated Score > Residual Score, the organization is not 100% compliant with the controls used to mitigate risk.
Meaning that the Calculated Score can never be less than the Residual Score or greater than the Inherent Score.
If controls are not implemented to mitigate risk, then Calculated Score = Residual Score.
If the Residual Score is not set, then Calculated Score = Inherent Score.
The calculated risk factor value is calculated as:
- Calculated Risk Factor = (Indicator failure factor + Control failure factor) / 2
Control failure factor -> Sum of failed controls weighting divided by total controls weighting.
Indicator failure factor -> Uses the last result of each associated indicator. The number of last results failed divided by the total number of indicators associated.
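
The formulas in the reply above, worked through as an added example (not part of the original thread and not ServiceNow code). The function names and sample figures are constructed; expressing both failure factors as percentages, treating "no indicators" as 0, and applying the score fallback rules to ALE are assumptions.

```python
from typing import Optional, Sequence, Tuple


def control_failure_factor(controls: Sequence[Tuple[float, bool]]) -> float:
    """Sum of failed controls' weighting / total weighting, as a percentage."""
    total = sum(weight for weight, _ in controls)
    failed = sum(weight for weight, passed in controls if not passed)
    return 100.0 * failed / total if total else 0.0


def indicator_failure_factor(last_results: Sequence[bool]) -> float:
    """Failed last results / number of associated indicators, as a percentage."""
    if not last_results:
        return 0.0  # assumption: no associated indicators contributes 0
    return 100.0 * sum(not ok for ok in last_results) / len(last_results)


def calculated_risk_factor(controls, last_results) -> float:
    return (indicator_failure_factor(last_results)
            + control_failure_factor(controls)) / 2


def calculated_ale(inherent_aro: float, inherent_sle: float,
                   residual_aro: Optional[float], residual_sle: Optional[float],
                   controls: Sequence[Tuple[float, bool]],
                   last_results: Sequence[bool]) -> float:
    inherent_ale = inherent_aro * inherent_sle
    if residual_aro is None or residual_sle is None:
        return inherent_ale            # residual not set: use inherent
    residual_ale = residual_aro * residual_sle
    if not controls:
        return residual_ale            # no controls implemented: use residual
    factor = calculated_risk_factor(controls, last_results)
    # Interpolates between residual (factor 0) and inherent (factor 100),
    # so the result never leaves the [residual, inherent] range.
    return residual_ale + (inherent_ale - residual_ale) * (factor / 100)


if __name__ == "__main__":
    # Constructed sample: (weighting, passed) per control, last result per indicator.
    controls = [(10, True), (30, False), (60, True)]
    indicators = [True, False, True, False]
    print(calculated_risk_factor(controls, indicators))                    # 40.0
    print(calculated_ale(2, 50_000, 0.5, 20_000, controls, indicators))    # about 46000
```
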