💻 Hu Bowen

❯

❯

❯

❯

06 - Risk Control

06 - Risk Control

Dec 10, 20241 min read

Risk Control Strategies

Avoidance / Defend — Implement policies or technology to get rid of the risk
Transfer — Buy insurance, let another more experienced company handle the risk
Mitigation — Reduce the impact (buy anti-virus, come up with backup plans)
Accept — Asset does not justify the cost of protection (perform cost benefit analysis)
Terminate — Avoid activities that introduces uncontrollable risks

Quantitative & Qualitative Analysis

Quantitative: Use numbers & data
Qualitative: Other methods not using numbers & data

Cost Benefit Analysis

Cost

Cost of development/acquisition
Training fees
Implementation cost
Service cost

Single Loss Expectancy (SLE)

Formula: $S L E = a sse t v a l u e \times EF$

Annualised Rate of Occurrence (ARO)

How often an attack is expected to successfully occur in a year.

Annualised Loss Expectancy (ALE)

Overall loss expected per risk incurred by an attack
Formula: $A L E = S L E \times A RO$

Cost Benefit Analysis Formula

ALE(prior) — Loss expectancy before implementation of risk control
ALE(post) — Loss expectancy after implementation of risk control
ACS — Annualised cost of safeguard
Formula: $CB A = A L E (p r i or) - A L E (p os t) - A CS$

Graph View

Risk Control Strategies
Quantitative & Qualitative Analysis
Cost Benefit Analysis

Backlinks

No backlinks found

Created with Quartz v4.3.1 © 2024

GitHub
LinkedIn