Wednesday, April 7, 2010

Likelihood == Fear

Many risk analysis methodologies, especially those promoting the "fool's errand" of quantifying (IT) risks, rely on some sort of calculation driven by estimating or knowing the likelihood that some risk will be realized.

We start with a Single Loss Expectancy, defined as the monetary loss in a classical quantitative methodology or the severity of loss in a qualitative methodology.

Then we use either the 'likelihood' or, in technical terms, the Annualized Rate of Occurrence, defined as the probability that the event will happen in a given year.

These values are used to divine (derive) the Annual Loss Expectancy.

So the formula is:

ALE = SLE * ARO

Which is more honestly illustrated (within IT risk analysis) as follows:


[image]

None of the risk analysis frameworks out there describe a realistic way of determining any of these values; it's just dowsing for the 21st Century.

What likelihood essentially means, then, to the practitioners of this sort of black art is: how afraid are you that a given bad thing will happen?

I personally believe that there are much better methods to measure that fear.  We can, I suggest, measure that fear in a much more consistent manner.  Start by looking at these entities related to IT risk analysis and you can begin to see how:



image attributions:
http://en.wikipedia.org/wiki/File:Harrows_Bristle_Board_Bullseye.JPG
http://en.wikipedia.org/wiki/File:Wilber%27s_BBQ_-_Pig_vane.jpg
http://en.wikipedia.org/wiki/File:18th_century_dowser.jpg
