Risk

18th December 2019 | Cybrary Risk

Intersection of Threats, Assets, and Vulnerabilities is your Risk

Intersection of Threats, Assets, and Vulnerabilities is your Risk

Risk is the potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence, as determined by the likelihood that a particular threat will exploit a particular vulnerability, with the associated consequences.

Risk is the combination of threats and vulnerabilities to an asset. Risk is calculated in business by looking at three different categories. 

  • ARO– Annual Rate of Occurrence (Chance that incident will happen)
  • SLE– Single Loss Expectancy (Dollar amount expected to lose if incident is to occur)
  • ALE– Annual Loss Expectancy (How much should be budgeted for incident)

The Annual Loss Expectancy is calculated by using this formula: ARO x SLE = ALE

  • Example: 50% chance that a ransomware attack occurs that would cost the company $1,000,000 if attack were to occur. 
  • ARO x SLE = ALE -> (0.5) x (1,000,000) = $500,000 -> $500,000 is the Annual Loss Expectancy

Source: DHS Risk Lexicon, NIPP and adapted from: CNSSI 4009, FIPS 200, NIST SP 800-53 Rev 4, SAFE-BioPharma Certificate Policy 2.5

Related Terms: Threat, Vulnerability

To learn more about cyber risk, watch this short video:

Latest Blogs

Stay sharp with the latest security insights

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.

The Ransomware an AI Model Built Without Trying

The Ransomware an AI Model Built Without Trying

Researchers went looking for a fake photo upscaler and found something stranger: a ransomware kit an AI model...

Read more
CyberHoot Goes Fully Passwordless: Native Passkey Support Arrives for Administrators

CyberHoot Goes Fully Passwordless: Native Passkey Support Arrives for Administrators

For four years, CyberHoot has argued the same thing on its blog: passwords are major weak link. They get reused,...

Read more
Don’t Score an Own Goal: Outsmart World Cup 2026 Scams

Don’t Score an Own Goal: Outsmart World Cup 2026 Scams

The 2026 FIFA World Cup kicked off on June 11th across the United States, Canada, and Mexico. Six million fans...

Read more