📖 What is Single Loss Expectancy (SLE)?
Single Loss Expectancy (SLE) is the monetary loss expected each time a specific threat exploits a vulnerability. It is calculated by multiplying the Asset Value (AV) by the Exposure Factor (EF); the result represents the cost of a single event.
"Keep the formula simple: Asset Value x Exposure Factor = SLE. If an asset is worth $10,000 and a fire destroys 50% of it, your SLE is $5,000."
📚 Certification: Certified Information Security Manager (CISM)
🔑 What are the Key Concepts of Single Loss Expectancy (SLE)?
- Asset Value (AV) represents the total monetary worth of the asset, including replacement costs and lost revenue during downtime.
- Exposure Factor (EF) is the percentage of loss an asset suffers when a specific threat is realized, expressed as a decimal.
- SLE is a primary metric in quantitative risk assessment, allowing managers to assign a concrete dollar value to potential losses.
- It serves as the critical input for calculating Annualized Loss Expectancy (ALE), which helps in determining the cost-benefit of controls.
🎯 How does Single Loss Expectancy (SLE) appear on the CISM Exam?
You may be asked to calculate the SLE given a specific asset value and a percentage of loss, requiring you to apply the formula AV x EF to determine the financial impact.
A scenario might describe multiple assets with different values and exposure factors, asking you to identify which asset represents the highest single-event risk based on the calculated SLE.
❓ Frequently Asked Questions
What is the difference between SLE and ALE?
SLE measures the loss from one single occurrence of a threat. ALE extends this by multiplying the SLE by the Annual Rate of Occurrence (ARO) to find the expected yearly cost.
Can the Exposure Factor be greater than 100%?
Typically, EF is between 0% and 100% as it represents the portion of an asset lost. However, in some contexts, secondary losses can exceed the original asset value.