Page 88 - CISSO_Prep_ Guide
occurring. This is especially difficult when trying to predict an
event that involves new technology or that has not happened
before. In that case no historical data is available, and the
probability of the risk event has to be estimated rather than
measured, so the resulting ARO is largely an informed guess and
should be treated as such when the results are used.
Since events occur at different intervals, normalizing every
frequency to a common denominator of one year makes risks
comparable to one another. Most security budgets are also set
yearly, so an annual risk calculation maps directly onto budget
decisions.
The formula for ARO is simply:
ARO = Incidents / Year
Annualized Loss Expectancy (ALE)
ALE is the combination of Single Loss Expectancy (SLE) and
Annualized Rate of Occurrence (ARO).
ALE = SLE * ARO
Therefore, if an event that would cost $1,000,000 is expected to
occur once every ten years (ARO = 1/10 = 0.1), the calculation is:
ALE = 1,000,000 * 1/10
ALE = $100,000
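The following Python is an added worked example, not code from the prep guide. It carries the two formulas above through a small set of risk scenarios: ARO is derived from an incident count over an observation window (Incidents / Year), with an explicit analyst estimate required when no history exists, ALE is SLE * ARO, and the scenarios are ranked by ALE. The safeguard check at the end goes slightly beyond the text: it applies the guide's rule that spending should not exceed what is protected by comparing a safeguard's annual cost against the ALE it removes. The scenario names, dollar figures and incident counts are constructed sample data.

```python
"""Quantitative risk analysis: ARO, ALE and safeguard justification.

Added example for the CISSO prep material on ARO/ALE; figures are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class RiskScenario:
    name: str
    sle: float                          # Single Loss Expectancy, dollars per event
    incidents: int = 0                  # incidents observed in the window
    years_observed: float = 0.0         # length of the observation window, years
    estimated_aro: Optional[float] = None  # analyst estimate when no history exists


def annualized_rate_of_occurrence(incidents: int, years_observed: float,
                                  estimated_aro: Optional[float] = None) -> float:
    """ARO = Incidents / Year.

    When there is no observation window (new technology, never-seen event) the
    guide notes that probability is guesswork; here that guess must be passed in
    explicitly as estimated_aro rather than silently defaulting to zero.
    """
    if years_observed > 0:
        return incidents / years_observed
    if estimated_aro is None:
        raise ValueError("no historical data: supply an estimated ARO")
    return estimated_aro


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE * ARO."""
    return sle * aro


def scenario_ale(s: RiskScenario) -> float:
    aro = annualized_rate_of_occurrence(s.incidents, s.years_observed, s.estimated_aro)
    return annualized_loss_expectancy(s.sle, aro)


def rank_by_ale(scenarios: List[RiskScenario]) -> List[Tuple[str, float]]:
    """Highest annualized loss first, so the costliest risks get attention first."""
    return sorted(((s.name, scenario_ale(s)) for s in scenarios),
                  key=lambda pair: pair[1], reverse=True)


def safeguard_justified(ale_before: float, ale_after: float,
                        annual_safeguard_cost: float) -> Tuple[bool, float]:
    """Return (justified, net_annual_value).

    A safeguard is justified only if the ALE it removes each year at least
    covers its own annual cost; otherwise more is spent than is protected.
    """
    net = (ale_before - ale_after) - annual_safeguard_cost
    return net >= 0, net


# Constructed sample scenarios (not from the guide).
SCENARIOS = [
    # The guide's worked example: $1,000,000 loss, once in ten years.
    RiskScenario("data center fire", sle=1_000_000, incidents=1, years_observed=10),
    # Frequent, cheap events can outrank rare, expensive ones once annualized.
    RiskScenario("lost laptop", sle=25_000, incidents=12, years_observed=2),
    # No history: ARO must come from an explicit estimate.
    RiskScenario("new payment API abuse", sle=400_000, estimated_aro=0.05),
]


if __name__ == "__main__":
    for name, ale in rank_by_ale(SCENARIOS):
        print(f"{name:<24} ALE = ${ale:>12,.2f}")
    ok, net = safeguard_justified(ale_before=100_000, ale_after=10_000,
                                  annual_safeguard_cost=60_000)
    print(f"fire suppression justified: {ok}, net annual value ${net:,.2f}")
```

Running the block prints the scenarios ranked by ALE; note that the laptop scenario (ARO 6, ALE $150,000) outranks the fire scenario (ALE $100,000) even though each laptop loss is tiny, which is exactly the comparison the annual normalization is meant to enable.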
The purpose of this calculation is to justify risk mitigation
spending: a safeguard that costs more per year than the asset is
worth, or than the annual loss it prevents, is not worth buying.
To focus on the areas of most