Posts - Integrating the
Model in the Real

1/13/09: Audit & Risk - Seeing the Forest from the Trees

9/4/08: Security ROI

6/28/08: Boise: A
Terrorist Target?

5/10/01: FFIEC Business
Continuity Planning

4/3/08: SOX 404 Audits

Home>Introduction>Basic Components

Basic Components of Risk

  • Risk is the possibility that something of value will suffer harm or loss. The definition includes two components
    • Probability that a harmful event will occur
      • Probability is the likelihood that an organization will suffer harm from the failure of a person, process or system or from an external event. Probability is a function of
    • The amount of loss or Cost that will result from the event.
      • Cost (also referred to as Impact, Financial Exposure, Criticality or Importance) is the amount of losses an organization would potentially suffer from a negative or harmful event.
      • As used on the Simple Risk Model the calculation of Cost is based on the Annualized Loss Expectancy (ALE) or the estimated losses that a process will incur in a single event multiplied by the estimate of the number of times such event will occur in a year