From the course: CISA Cert Prep: 2 Information Technology Governance and Management for IS Auditors
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Collect information: Part 2
From the course: CISA Cert Prep: 2 Information Technology Governance and Management for IS Auditors
Collect information: Part 2
- [Instructor] Now when we talk about quantitative analysis, now we're talking about dollar signs. And one of the most important numbers that we consider when we talk about quantitative analysis is the ALE, the annualized loss expectancy. That's how much we expect to lose, per year, if we let the bad thing happen. Let's say we let the hurricane hit us, or the hacker attack us, or the fire occur. That's what we're expecting. Now in order to come up with this ALE, we first start with the asset's value. Now remember all those things a couple of slides ago, we talked about went into calculating the asset's value. How much did it cost to acquire. How much did it cost to replace. How much are our adversaries willing to pay for it. What laws might be in place to govern it, or what liability constraints we may have around it. All of those things go into calculating its value. That's going to be a dollar amount. Now we multiply that by something called the exposure factor, the EF. The exposure…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.