Exposure factor (EF), in risk management, [1][2] is the subjective, potential percentage of loss to a specific asset if a specific threat is realized. It is usually applied in IT risk assessment, but may be applied to quantifying business risk more generally. [3]
Per formula:
The exposure factor is usually a subjective value that the person assessing risk must define. It is represented in the impact of the risk over the asset, or percentage of asset lost. As an example, if the asset value is reduced two thirds, the exposure factor value is 0.66. If the asset is completely lost, the exposure factor is 1.0.
References
edit- ^ Mike Tierney (2023).Annual loss expectancy and quantitative risk analysis, Netwrix
- ^ Volkan Evrin (2021). Risk Assessment and Analysis Methods: Qualitative and Quantitative, ISACA
- ^ Exposure factor definition, capital.com