The correct answer is $10,000 because Annualized Loss Expectancy (ALE) represents the expected yearly financial loss from a specific risk. According to Security+ SY0-701 risk management principles, ALE is calculated using the formula:
ALE = Single Loss Expectancy (SLE) × Annualized Rate of Occurrence (ARO)
In this scenario, the Single Loss Expectancy (SLE) is clearly defined as $15,000, which represents the financial impact of a single security breach. The challenge lies in determining the Annualized Rate of Occurrence (ARO). The breach is expected to occur twice over a three-year period, which means the ARO is:
ARO = 2 ÷ 3 ≈ 0.67 occurrences per year
Using the ALE formula:
ALE = $15,000 × 0.67 ≈ $10,000
This calculation aligns with standard quantitative risk assessment techniques emphasized in the SY0-701 study guide. ALE allows organizations to compare the cost of potential losses against the cost of implementing security controls, helping leadership make informed, financially sound risk management decisions.
Option A, $7,500, would be correct only if the event occurred once every two years. Option C, $15,000, reflects the SLE but does not account for frequency. Option D, $30,000, incorrectly represents the total loss over three years rather than an annualized value.
The SY0-701 objectives highlight ALE as a critical metric for prioritizing risks, justifying security investments, and communicating risk in business terms to executives. By converting risk into an annual expected cost, ALE bridges the gap between technical security concerns and organizational financial planning.
In summary, when frequency is spread across multiple years, the loss must be annualized. Doing so correctly results in an ALE of $10,000, making option B the correct answer.
