Maybe if we lose a particular resource, maybe a mail server perhaps in your environment, losing a mail server for day isn’t an enormous problem or perhaps maybe in your other environment, losing a mail server is a big deal. So you need to think about what the impact that will be should that particular resource no longer be available. It’s sometimes very useful when you’re trying to calculate risk, to put it in dollar signs- to get an absolute number from it so we want to come up with ways to quantify what type of risk we may be taking with these.
We want a dollar value that we can associate with this, and that way we’re able to make some business decisions based on those risks that we have. One or more ways to do this, is to determine what the single loss expectancy might be if a particular resource was made unavailable. If that web server goes down, if we lose our database server, if our mail server is not available and that resource is not available for people, how much money can we expect to lose from that? and then on top of that, we need to think about what should we expect or how often should we expect that particular resource not to be available for an entire year and what we’ll do is find the annual loss expectancy, which is how much the single loss was, multiplied by an annual rate of occurrence.