nerdexam
(ISC)2

CERTIFIED-IN-CYBERSECURITY Question #101: Real Exam Question with Answer & Explanation

The correct answer is B: The expected cost per year of not performing a given risk-mitigating action.

Risk Management

Question

In the context of risk management, which information does ALE outline?

Options

  • A. The business impact of a risk
  • B. The expected cost per year of not performing a given risk-mitigating action
  • C. The probability of a risk coming to pass in a given year
  • D. The percentage of Asset Lost Efficiency

Explanation

The Annualized Loss Expectancy (ALE) is a standard metric of risk exposure that refers to the expected cost per year of a given risk if it is not mitigated. The business impact of a risk is technically considered a loss, and is better captured by a metric called Single Loss Expectancy (see ISC2 Study Guide, chapter 1, module 2). The probability of a risk coming to pass in a given year is best captured by a metric called Annualized Rate of Occurrence (ARO). Asset Lost Efficiency is a misleading term that is not directly related to risk management.

Topics

#Risk Management, #Annualized Loss Expectancy, #Quantitative Risk Analysis, #Risk Assessment
