Page 239 - CISSO_Prep_ Guide
Risk Management and Analysis
• Terms
  • Threat: potential danger.
  • Threat agent: a source that has the potential of causing a threat.
  • Exposure: damage factor. An instance of being exposed to losses from a threat. This is measurable.
  • Vulnerability: could be a lack of a countermeasure or a weakness in a countermeasure.
  • Risk: the likelihood of an unwanted event and its impact.
  • Residual risk: the portion of risk that remains after the implementation of safeguards/countermeasures.
  • Total risk: comprised of threats, vulnerabilities, and current asset value.
• Risk analysis – identifies potential loss. This involves determining the value of assets and what can harm them. Risk analysis should be top-down and repeatable.
  • Single loss expectancy (SLE) = Asset Value ($) x Exposure Factor (%)
  • Probability: the annual rate of occurrence (ARO).
  • Annual loss expectancy (ALE) = SLE x ARO