CISSP Domain 1: Risk Assessment & the ALE Formula
On the CISSP, risk equals the likelihood that a threat exploits a vulnerability times the impact, and the quantitative chain turns that into a dollar figure: ALE = SLE x ARO. This Domain 1 deep-dive walks through risk identification and assessment end to end, then the quantitative method that prices risk so you can justify a control budget. With Nova, Erica, Beth, and Liam, we define asset, threat, vulnerability, and risk exactly the way the exam tests them, value the asset, and run a full worked example from asset value to annualized loss expectancy.
In this video:
- The four words every risk decision is built on, and the swap that distractors hide in
- What risk really means: likelihood combined with impact, the NIST 800-30 way
- Asset valuation, including the intangible value people forget
- The exposure factor and the Single Loss Expectancy formula
- The Annualized Rate of Occurrence and the famous ALE formula
- A complete worked example: $50,000 asset, 20% EF, ARO of 2
- Quantitative versus qualitative, the likelihood-impact matrix, and the Delphi method
The next video moves into risk management part two: how to actually treat a risk once you have measured it, and the four responses every leader chooses between. Anchored to the (ISC)2 CISSP Detailed Content Outline effective April 15, 2024.
CISSP is a registered trademark of (ISC)2. This channel is not affiliated with, endorsed by, or sponsored by (ISC)2. Content is for educational purposes only.
▶ Watch next: CISSP Risk Response & Threat Modeling (STRIDE) https://www.youtube.com/watch?v=Mr-riV_rgWo
📺 Full playlist: CISSP (2026) v2 https://www.youtube.com/playlist?list=PLlIAFxS2964_K3g6WysWnLpifoxilduGi
Chapters
- 0:00 The Budget Meeting You Will Lose
- 3:05 Four Words Everything Else Is Built On
- 5:56 What Risk Actually Means
- 8:29 Putting a Price on the Asset
- 10:59 Naming the Threats and the Holes
- 13:36 The Quantitative Method and Exposure Factor
- 16:17 ARO and the ALE Formula
- 18:30 One Worked Example, Start to Finish
- 21:00 When Dollars Will Not Cooperate
- 23:45 Quantitative Versus Qualitative
- 25:50 Think Like a Manager
- 28:46 Quiz Time
- 32:27 Key Takeaways